Running as root to authenticate against system accounts..

[Kevin Hanser]

Hello,

I've recently been looking into getting a FreeRADIUS server to 
authenticate against the system passwd file.  When I was originally 
testing, it always seemed to reject my access, no matter what I tried.  
So I did some searching on the lists, and found another person that was 
having a similar issue.  They discovered that the system only allows 
root to read the shadow password file, so when radius was requesting the 
password, it would get rejected. 

So I changed my setup to run the radiusd daemon as root, and tested 
again.  Sure enough, if radiusd is run as root, I can authenticate 
against the system.

So now my question is:  What security concerns should I have if I run 
the radiusd as root?  Is there another way to do this that doesn't 
require radiusd to run as root?

Basically, I just want to make sure this is the best way to authenticate 
against system accounts, or if there's some other method that I've missed :)

thx!

k