Old school: FreeRADIUS and NIS

Mark Haney mhaney at practichem.com
Mon Mar 10 18:22:40 CET 2014


On 03/10/14 12:40, Phil Mayers wrote:
> On 10/03/14 16:23, Mark Haney wrote:
> 
>> So, now that I have that out of the way, it seems rlm_unix isn't
>> able to read /etc/shadow.  I'm assuming the getspnam(username)
>> call is trying to read /etc/shadow?  If so, how is the best way
>> to fix this?
> 
> Set the permissions on /etc/shadow.
> 
> Alternatively, to repeat myself, rlm_pam might work, as PAM has a
> setuid-root helper to read /etc/shadow.

Good lord, this is just getting kinda silly.  So, I suppose I can
'chgrp radiusd /etc/shadow' and set read permissions with 'chmod +r
/etc/shadow' and have it work, but everything I see says not to do
that.  I found a post saying to use the passwd module, but the
comments in it say to use either PAM or rlm_unix.  A quick check of
the comments in rlm_unix says that as of v1.1.0 unix can no longer read
or cache /etc/shadow and to use the passwd module.  That's some
crackerjack documentation.  Nothing like running in circles.

I suppose PAM it is, but at this point, I'm just telling my boss it'll
have to wait to get this working since it's apparently NOT recommended
to use Unix passwords in any form but LDAP based on the warning and
recommendations in the documentation.

I appreciate all the help, despite the tone to the contrary.


-- 
Mark Haney
Network/Systems Administrator
Practichem
W: (919) 714-8428
Fedora release 20 (Heisenbug) 3.13.4-200.fc20.x86_64
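
Added example, not part of the original message or of FreeRADIUS: a bare `chmod +r` (no "who") adds read for owner, group and other under the common umask 022, so the password hashes become readable by every local account, while `g+r` after a `chgrp` limits reading to that one group. The function names and the scratch file standing in for /etc/shadow are constructed for this demonstration.

```shell
#!/bin/sh
# Report who can read a file, judged from its permission string.
# Prints one of: world | group | owner-only. Returns 2 if the file is missing.
shadow_read_scope() {
    [ -e "$1" ] || return 2
    # First 10 characters of ls -l output: type, then rwx for owner/group/other.
    perms=$(ls -ld -- "$1" | cut -c1-10)
    case $perms in
        ???????r??) echo world ;;       # "other" read bit is set
        ????r?????) echo group ;;       # only the group read bit is set
        *)          echo owner-only ;;  # neither group nor other can read
    esac
}

# Apply one chmod argument to a mode-000 scratch file (a constructed stand-in
# for /etc/shadow) and print the resulting read scope.
demo_scope_after() {
    (
        umask 022                 # common default; a bare "+r" is filtered by it
        f=$(mktemp) || exit 2
        chmod 000 "$f"
        chmod "$1" "$f"
        shadow_read_scope "$f"
        rm -f "$f"
    )
}

# Compare the command from the thread with the group-scoped alternative.
for arg in +r g+r; do
    printf 'chmod %-4s -> readable by: %s\n' "$arg" "$(demo_scope_after "$arg")"
done
```

To audit a live system, run `shadow_read_scope /etc/shadow`; any result of `world` means local users can copy the hashes for offline cracking.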


