From owner-freebsd-questions@FreeBSD.ORG Thu Jan 6 16:05:08 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6336B1065670 for ; Thu, 6 Jan 2011 16:05:08 +0000 (UTC) (envelope-from ipfreak@yahoo.com) Received: from web130206.mail.mud.yahoo.com (web130206.mail.mud.yahoo.com [66.94.238.142]) by mx1.freebsd.org (Postfix) with SMTP id 234938FC14 for ; Thu, 6 Jan 2011 16:05:07 +0000 (UTC) Received: (qmail 53843 invoked by uid 60001); 6 Jan 2011 16:05:06 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1294329905; bh=tKgbT2FLVrYEaXTQSUDjTlEeU9lxQtwBZfS04DPJw4I=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=rcCZMyDafZikwGIfXMR5gm8xZTDDE8kt1uvGZQkqqU3/YD0aYGwPPSOPyH83w43c3f3yJrVyEXSJdUCLGFyXcUo4UnvHrixgPdo/S+QK9e/OMtX9rnrbTa/8Gcpv8sR13IM0MiklZZ1fQxLe/Yae/A1F9pEwFMZ4dZZBllzDE+w= DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=TzvozIHkjgSgSU1zU/G4xCUldPKjVKqnNbzhdhFqh7PcfROybYmDx1RjqOoJmHmKKe8X3u3PmKpgjgEgHSNVVCCTZsXzDZGjhs7k+oMRcEQRrjRZ/zM8thwv8durEDF6CLfCFOOdfXBAkFNuE4Q09VwaDt3+nKLDM6vrR5A4fPM=; Message-ID: <836594.49162.qm@web130206.mail.mud.yahoo.com> X-YMail-OSG: nuh2.0IVM1n9FonPq7JeBmHWR7FVJYou4tijxu_C7YBfohg u3d7U1qKlr80Kyg9Nqu9qAsRryIRZeDt3CPdBZr8lAL9tDudUZxcfHqNVpXU 0EKUZ4cVl.JsJl72hBNah17cb1lcddaBeYyff7o8fmFtou3P_v_Zbbwr4pFO .rZbAMl7u1rDZszl71AKcM_b8Hpg.L8FRgGpWFuMbTUGHpVp5J.hXfAhxmGm wodpC19R202dzQ.pJr0wShL4XTOQrcl2oxjCgDMSZyWKv2HVmjuVr4LkoMhB 0xEzROIlZjgdDc05_3NBN9UfxQ4C0lGBw_n4eb7zXI1F7VjyhXOKP8BNIWOR lFRiaU2JIixkZBQuDrqOy2Cb9cHHsthV5_4YNMxkiQ6_Gfa.GuykPxGtymEQ Yokf8XdZ2 Received: from [184.80.143.6] by web130206.mail.mud.yahoo.com via HTTP; Thu, 06 Jan 2011 08:05:05 PST X-Mailer: YahooMailClassic/11.4.20 YahooMailWebService/0.8.107.285259 Date: Thu, 6 Jan 2011 08:05:05 -0800 (PST) From: gahn To: Bill Moran , Indexer In-Reply-To: <22B48F74-6976-4DCB-8F3C-CE0D0D425173@internode.on.net> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Cc: freebsd general questions Subject: Re: freebsd and X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Jan 2011 16:05:08 -0000 thanks. i am looking into the suggestions.=0A=0Abest=0A=0Agahn=0A=0A--- On = Wed, 1/5/11, Indexer wrote:=0A=0A> From: Indexer= =0A> Subject: Re: freebsd and=0A> To: "Bill Mora= n" =0A> Cc: "gahn" , "freebsd = general questions" =0A> Date: Wednesday, Jan= uary 5, 2011, 4:53 PM=0A> -----BEGIN PGP SIGNED MESSAGE-----=0A> Hash: SHA1= =0A> =0A> =0A> On 06/01/2011, at 07:02, Bill Moran wrote:=0A> =0A> > =0A> >= (don't see why this was on -current)=0A> > =0A> > In response to gahn :=0A> >> hi all:=0A> >> =0A> >> i set up the freeradius 21.1= 00.1 on freebsd 8.1.=0A> it uses local authentication database of /etc/pass= wd (thanks=0A> to the previous discussions alan did with others). the=0A> p= roblem is: it only works with the condition of the server=0A> id running as= "root" instead of "freeradius" due to the one=0A> way MD5 hash of /etc/pas= swd file.=0A> >> =0A> >> are there any other better ways to implement=0A> t= his?=0A> > =0A> > a) Put the Radius server in a jail, so it can run as=0A> = root without all the=0A> >=A0=A0=A0security concerns.=0A> > b) Use somethin= g other than /etc/passwd=0A> authentication=0A> > =0A> =0A> Cant radius use= pam? perhaps you should look into that. =0A> =0A> It may be a pain though,= freeradius is largely=0A> undocumented, and what documentation exists is o= ften=0A> incomplete, incorrect and full of people touting "IT JUST=0A> WORK= S" when 99% of the time, It never works. Once you figure=0A> it out however= , its great. I would highly recommend putting=0A> your raddb into a version= control system. =0A> =0A> > -- =0A> > Bill Moran=0A> > http://www.potentia= ltech.com=0A> > http://people.collaborativefusion.com/~wmoran/=0A> > ______= _________________________________________=0A> > freebsd-questions@freebsd.o= rg=0A> mailing list=0A> > http://lists.freebsd.org/mailman/listinfo/freebsd= -questions=0A> > To unsubscribe, send any mail to "freebsd-questions-unsubs= cribe@freebsd.org"=0A> =0A> William Brown=0A> =0A> pgp.mit.edu=0A> =0A> =0A= > =0A> -----BEGIN PGP SIGNATURE-----=0A> Version: GnuPG/MacGPG2 v2.0.16 (Da= rwin)=0A> =0A> iQIcBAEBAgAGBQJNJRKdAAoJEHF16AnLoz6Je6YP/j5sfpXOReiyviyNutut= zGfA=0A> dS+/6MoBfumuzdLAxTZ5gCJ4r7hIWJSbl0vPbt8zDbigcGJKcuT63dfdeAsV/7vu= =0A> /0KqeC1HbrS5mXB2bVVjUvxgm+LbTlTrS8pIkS3A1jWSvvYgqb5ABXL2gXDARJig=0A> p= Q5Ehw/mJsgNNmYOrHD1FV5H1/0s0arXSK6rK/sJa7qBIyuLvfuatfK2NOFlPAr5=0A> ST1UqvG= rEVP5vA4GGO3+l4m7CBIuzVBuVaLpTpsHUXcdjxoB0bgZrR6se42z7VFo=0A> PgClT1bKv/Ht8= rD9EO6oRpASAHB89/K1HpNvHbV9KT+veuKcla0xVPilpyt+XMES=0A> c4iDxwOBzml+N6QPiGd= D9+GhfvZbg2JBgHoGYFXclyDJFceiDVkMgTWN75miB+d4=0A> tMTZbtwkQNoobRmp/BCAlVqRJ= C3dUQeVqDSAUkuMf6ZU0WQWfh6g8qtGb0IA5mWH=0A> u0mRbBacEr4kx3bSeIzCb09DJMkDFmb= 1/kaQPVqUEYpU+ggW8yLV5sz/vdomdpRB=0A> 6hUfcXHnGK/GY4FsMPHaLTWghHdG6cFv8XwM/= 8ftsrCTtJYl0mD8xzSxqeTBCrua=0A> VPHcZ0d4gxe7reylYZfp8NqTAK96JBkRqEoTtYyi6Oi= y8kbolY8SHiok98o/uydT=0A> nGM30URjS7EC7oSyL4N5=0A> =3DppAO=0A> -----END PGP= SIGNATURE-----=0A> =0A=0A=0A