Prevent uid sharing or hot to allow use uid only once
Sergio Belkin
sebelk at gmail.com
Fri Jun 5 17:15:55 CEST 2009
2009/6/5 John Dennis <jdennis at redhat.com>:
> Sergio Belkin wrote:
>> Hi,
>>
>> Let's suppose that John Doe comes and login with jdoe uid, then Joe
>> comes and wants to use wireless network, but he has not entry neither
>> Ldap nor in radius users file, so he ask for jdoe that pass him its
>> uid and password to login. Sorry if that sounds somewhat stupid but
>> can we prevent that from radius? (please don't tell me to fire John
>> Doe ;) ).
>>
>
> I don't understand the problem or what you're trying to solve. So what
> if Joe mistakenly tries to used John's username, it won't work as he
> won't know Joe's password. This is no different than an attempted
> network break in which should be prevented by locking your resources
> down and ensuring strong passwords. Never in any instance will resources
> authorized for one user be granted to another user unless you've
> configured something wrong. If the problem is that both John and Joe
> want the same username then one needs to explain to Joe that username is
> already in use and he'll have to use another one.
>
> --
> John Dennis <jdennis at redhat.com>
>
What I meant if that employee John pass his coworker Joe their
credentials, both user and password, well that could not be so
terrible. Now, let's suppose then that your company organize an event
an come 100 people, they want to use wireless network, so John comes
and has the "great" idea of passing their credentials to attendants,
so you have more than 100 people using the same uid and password at
once...
--
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -
More information about the Freeradius-Users
mailing list