Security issues with 1.1.3 flatfile

Sallee, Stephen (Jake) Jake.Sallee at umhb.edu
Mon Aug 1 23:16:26 CEST 2011 

> So my questions are:

There REALLY needs to be a good reason that you are running any 1.X version or else your question should be, Why haven't I upgraded to the latest and most secure FreeRADIUS release.

Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221

From: freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org [mailto:freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org] On Behalf Of d.tom.schmitt at L-3com.com
Sent: Monday, August 01, 2011 4:09 PM
To: freeradius-users at lists.freeradius.org
Subject: Security issues with 1.1.3 flatfile


Currently running 1.1.3 on CentOS 5.x.



I am currently using the flat file option and it works just fine as long as the permissions on the file are:

      664   RW-RW-R-

      Record in the file looks like:

            Tom <tab> Auth-Type := Local, User-Password := "tompass"

This allows everyone to read the file - not good security.

If I change the permissions to 660 RW-RW---- then freeRADIUS will not restart.



I started setting up freeRADIUS to use MySQL DB for access but I must have something setup incorrectly.



I tried to follow the How-To but still must be missing something in the setup.

I have inserted a record into DB=radius and TALBE=radcheck where:

      Id = selected by the MySQL as the next index number

      UserName = tom

      Attribute = 'Cleartext-Password'

      Op = ':='

      Value = tompass   is the password



So my questions are:

1.   Is there a way to just secure the flatfile permissions?

2.   Is there a complete How-To for using MySQL with freeRADIUS?


Thanks,

Tom Schmitt
Senior IT Staff - R&D
L-3 Communication Systems West
Phone (801) 594-3030
            \\\\||////
               \ ~  ~ /
               | @  @ |
--oOo---(_)---oOo--
Have A Nice Day !
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110801/5e91b0ff/attachment.html>

More information about the Freeradius-Users mailing list