AD Auth Question

Martin, Jeremy jmartin at emcc.edu
Mon Jan 1 16:28:22 CET 2018


Really really.  But yes I agree if there is a need then to update makes sense but largely once it is stable it will probably go untouched unless needed as there is one job per machine in most cases and this type of machine tends to sit behind a secured network were users themselves don’t interact with them and once deployed little extra functionality is needed, when it is - then we tend to look at them otherwise it gets harden and secured from users so for this type of deployment once it is up and working if it isn’t broke don’t fix it seems to be appropriate for machines that can’t be logged into or otherwise connected to by end users.  But for machines such as databases and web servers etc I would agree content updates and patches are a normal procedure but I moved them from Linux to Windows just because when I started to keep track of the actual hours and updates applied it was more time efficient to patch the windows side then the linux side.

Jeremy

On Jan 1, 2018, at 10:03 AM, Alan Buxey <alan.buxey at gmail.com> wrote:

hi,


Thanks for your input I will have to step back and think on this piece as it is honestly the first time on any package in RHEL where I have ever run into this type of thing over the last 20 years in using it so I am just a bit surprised that it came up.  So I think the avenue for this once I get it solved may be to never ever update the server as we have had to implement some custom checking with the md5 portion of eap to deal with the crappy way avaya deals with the supplicant on their ip phones.

really? I've had it all the time with eg apache, modprobe changes, etc
- my file systems are constantly populated with .rpmnew and .rpmsave
files  :)

you shouldnt stick on a version because of a config requirement -
theres always security fixes, bug fixes etc.   for your custom md5
requirement you would simply have your own
local module config to deal with that and not stick it into the
standard files. thus making migration or upgrades easier.  as noted,
new configs wouldnt overwrite yours - you need to
check for .rpmnew and use 'diff' etc to check for changes/updates

alan

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



More information about the Freeradius-Users mailing list