On Wed, Nov 12, 2003 at 05:23:09PM +0100, Javier Fernández-Sanguino Peña wrote: > > It does adduser freerad shadow on first installation, but not after that > > (on the advice of Steve Langasek) to allow the local authentication code > > to work, and to give the admin the freedom to disable this for added > > security if they're not using the local authentication code. > Yes, I missed the 'adduser' calls in postinst. In any case, it would be > nice if, instead of 'freerad' a generic 'radiusd' user was used so that it > could be "shared" by different radius packages. Not that one would want to > install different Radius servers and share the users file, but just for > consistency and to avoid having multiple 'freerad', 'cistronrad', > 'livingston' users. Are you kidding? And link the security of freeradius processes to that of those old, crufty, scary packages? ;) [Over the years, I've had occasion to use each of these RADIUS implementations. While Livingston RADIUS is the granddaddy of them all, I don't think it ever got much peer review except in the form of forks -- like Cistron. And while Cistron was good at the time, and I trust Miquel's abilities, the security bar has been moved significantly from where it was when the freeradius reimplementation began.] -- Steve Langasek postmodern programmer
Attachment:
pgp9QaKPOw5c1.pgp
Description: PGP signature