Authenticating groups via LDAP
Josip Rodin
joy at entuzijast.net
Sun May 23 12:35:43 CEST 2010
On Sat, May 22, 2010 at 01:45:59PM -0400, John Dennis wrote:
> rather than renaming all the config files to have a common extension and
> only loading those files with extension the correct extension the
> preferred model would be to utilize enabled,available directories. The
> filenames would stay the same as would the practice of loading every
> file in the enabled directory. But the enabled directory would contain
> only symlinks. However that would still probably leave the problem of
> editor back up files and the naive admin who might copy a file (which
> invisibly would be a symlink) to a backup name.
We already have that particular problem with -enabled/ but it's confined
to the realm of really sloppy admins who forget to edit in -available/.
This is still acceptable and alleviates the original problem sufficiently,
and it requires no code changes, just the default configuration changes.
IMHO just changing modules to the -enabled/-available scheme would be a good
first step and it should be done first, in 2.1.10 or whenever.
--
2. That which causes joy or happiness.
More information about the Freeradius-Users
mailing list