NAS info + MySQL

Alan DeKok aland at ox.org
Tue Jun 7 00:13:32 CEST 2005


Marcin Jessa <lists at yazzy.org> wrote:
> The way I understand it, say a PHP script used to HUP radiusd would get executed as the httpd user. In that case the httpd deamon would need to be added to the sudoers group like this:
> www     your.server = NOPASSWD: /usr/local/sbin/radiusd
> How else can this be done?

  Huh?  why would you permit user www to run radiusd?

  You need to send a HUP signal to radiusd.  You don't need to run it.

> The FreeRadius daemon can be remotely accessed and it updates data
> stored in SQL database.  Does it make it unsecure ?

  The more pieces you have involved, the less secure something is.

  FreeRADIUS is more secure than
  FreeRADIUS + SQL, is more secure than
  FreeRADIUS + SQL + web admin too, is more secure than
  FreeRADIUS + SQL +....


> What in your opinion would make an elegant solution to create a
> user-friendly tool to configure FreeRadius ?

  *I* wasn't the one asking for an elegant solution.  You were.  I was
just pointing out that a solution you called "not very elegant" is
pretty much identical to what a solution you're implementing.

>> [ re: todo ]
>
> I was convinced you were a part of the developers team and every
> project I know of has certain goals and milestones.

  There's no official "todo" list for FreeRADIUS.  If you want a
feature, submit a request on bugs.freeradius.org.  Even better, submit
a patch, so it's easy to add the feature.

  Alan DeKok.




More information about the Freeradius-Users mailing list