Prevent uid sharing or hot to allow use uid only once
John Dennis
jdennis at redhat.com
Fri Jun 5 18:07:16 CEST 2009
Sergio Belkin wrote:
> 2009/6/5 John Dennis <jdennis at redhat.com>:
>> Sergio Belkin wrote:
>>> Hi,
>>>
>>> Let's suppose that John Doe comes and login with jdoe uid, then Joe
>>> comes and wants to use wireless network, but he has not entry neither
>>> Ldap nor in radius users file, so he ask for jdoe that pass him its
>>> uid and password to login. Sorry if that sounds somewhat stupid but
>>> can we prevent that from radius? (please don't tell me to fire John
>>> Doe ;) ).
>>>
>> I don't understand the problem or what you're trying to solve. So what
>> if Joe mistakenly tries to used John's username, it won't work as he
>> won't know Joe's password. This is no different than an attempted
>> network break in which should be prevented by locking your resources
>> down and ensuring strong passwords. Never in any instance will resources
>> authorized for one user be granted to another user unless you've
>> configured something wrong. If the problem is that both John and Joe
>> want the same username then one needs to explain to Joe that username is
>> already in use and he'll have to use another one.
>>
>> --
>> John Dennis <jdennis at redhat.com>
>>
>
>
> What I meant if that employee John pass his coworker Joe their
> credentials, both user and password, well that could not be so
> terrible. Now, let's suppose then that your company organize an event
> an come 100 people, they want to use wireless network, so John comes
> and has the "great" idea of passing their credentials to attendants,
> so you have more than 100 people using the same uid and password at
> once...
>
>
Read the FAQ (http://wiki.freeradius.org/FAQ) and search for "simultaneous"
--
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeradius-Users
mailing list