RADDB 2.1.7 and /etc/shadow
John Dennis
jdennis at redhat.com
Sat May 22 15:46:41 CEST 2010
On 05/21/2010 07:31 PM, sbchem wrote:
>
> Greetings,
>
> I installed a fresh copy of FreeRadius v 2.1.7 on CentOS 5. Ran radtest
> locally as well as remotely and it works great. Now I want to point the
> server to my /etc/shadow file which lives on the same machine. I have not
> made any changes to the default config except to change the group ownership
> of my shadow file to radiusd so the radius daemon can access it.
It's not a good idea to change the ownership of /etc/shadow from a
security and system perspective. Rather than using rlm_unix use rlm_pam
instead. PAM is a much cleaner way to authenticate system users, not
just for FreeRADIUS but for all applications authenticating system
users. It is the preferred methodology for a variety of reasons.
--
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeradius-Users
mailing list