Marcin Jessa <lists@yazzy.org> wrote:
The way I understand it, say a PHP script used to HUP radiusd would get executed as the httpd user. In that case the httpd deamon would need to be added to the sudoers group like this: www your.server = NOPASSWD: /usr/local/sbin/radiusd How else can this be done?
Huh? why would you permit user www to run radiusd? You need to send a HUP signal to radiusd. You don't need to run it.
The FreeRadius daemon can be remotely accessed and it updates data stored in SQL database. Does it make it unsecure ?
The more pieces you have involved, the less secure something is. FreeRADIUS is more secure than FreeRADIUS + SQL, is more secure than FreeRADIUS + SQL + web admin too, is more secure than FreeRADIUS + SQL +....
What in your opinion would make an elegant solution to create a user-friendly tool to configure FreeRadius ?
*I* wasn't the one asking for an elegant solution. You were. I was just pointing out that a solution you called "not very elegant" is pretty much identical to what a solution you're implementing.
[ re: todo ]
I was convinced you were a part of the developers team and every project I know of has certain goals and milestones.
There's no official "todo" list for FreeRADIUS. If you want a feature, submit a request on bugs.freeradius.org. Even better, submit a patch, so it's easy to add the feature. Alan DeKok.