Freeradius-Users Digest, Vol 124, Issue 3

JCA 1.41421 at gmail.com
Tue Aug 4 22:21:37 CEST 2015


> On Aug 3, 2015, at 11:45 PM, JCA <1.41421 at gmail.com> wrote:
>>>  What's with the one letter acronyms?  It just makes things harder to understand.
>>
>> It's for conciseness - it's simpler to write R than "RADIUS server"
>> every time. My apologies if this misled you.
>
>   It doesn't mislead.  It's confusing and broken.  "l33t" speak isn't useful, and is discouraged on this list.

It's not "l33t" speak; it's compact notation in order to keep things
short and to the point. My apologies if that confuses you.

>
>>>  What you want is impossible to do.  PAM is designed to do authentication.  You CANNOT set group membership with PAM.
>>
>> You can't, or you shouldn't?
>
>   I distinctly recall writing CANNOT.
>
>> What prevents one from writing a PAM
>> module (or modifying an existing one) so that it will receive group
>> information from the RADIUS server and modify /etc/group accordingly
>> before returning to the caller?
>
>   Reality?
>
>   Writing to /etc/group is forbidden.  For very good reasons.
>
>   Alan DeKok.

Well, I have just tried (as root, in CentOS) to edit /etc/group by
hand, and I had no problems. Is it not the case that if the RADIUS PAM
module runs as root, it will also be able to do so?

