NAS info + MySQL
Alan DeKok
aland at ox.org
Tue Jun 7 00:13:32 CEST 2005
Marcin Jessa <lists at yazzy.org> wrote:
> The way I understand it, say a PHP script used to HUP radiusd would get executed as the httpd user. In that case the httpd deamon would need to be added to the sudoers group like this:
> www your.server = NOPASSWD: /usr/local/sbin/radiusd
> How else can this be done?
Huh? why would you permit user www to run radiusd?
You need to send a HUP signal to radiusd. You don't need to run it.
> The FreeRadius daemon can be remotely accessed and it updates data
> stored in SQL database. Does it make it unsecure ?
The more pieces you have involved, the less secure something is.
FreeRADIUS is more secure than
FreeRADIUS + SQL, is more secure than
FreeRADIUS + SQL + web admin too, is more secure than
FreeRADIUS + SQL +....
> What in your opinion would make an elegant solution to create a
> user-friendly tool to configure FreeRadius ?
*I* wasn't the one asking for an elegant solution. You were. I was
just pointing out that a solution you called "not very elegant" is
pretty much identical to what a solution you're implementing.
>> [ re: todo ]
>
> I was convinced you were a part of the developers team and every
> project I know of has certain goals and milestones.
There's no official "todo" list for FreeRADIUS. If you want a
feature, submit a request on bugs.freeradius.org. Even better, submit
a patch, so it's easy to add the feature.
Alan DeKok.
More information about the Freeradius-Users
mailing list