Hiding "secret" used in for PAM authentication
jdennis at redhat.com
Sat Nov 19 16:35:58 CET 2011
On 11/18/2011 07:33 PM, Gregory Machin wrote:
> We are using using PAM to authenticate users against Freeradius, an
> that is working well. The problem is that the users are 3rd party
> developers and some need root access. The issue we have is that the
> radius secret is stored in clear text file. How can this be hidden so
> that is can be misused ?
> Is there a document on hardening Freeradius ?
Giving 3rd party users root access to servers with sensitive information
is dumb. Nothing is protected once you have root. You need to seriously
reconsider why anybody except a trusted small group of admins need root.
I can't seriously believe you're asking a question about hardening after
declaring you intend to give root away. The very first rule of hardening
is to restrict root access, all hardening efforts are a complete waste
of time once root is compromised.
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
More information about the Freeradius-Users