[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: radiusd-freeradius history and future



On Wed, Nov 12, 2003 at 05:23:09PM +0100, Javier Fernández-Sanguino Peña wrote:
> > It does adduser freerad shadow on first installation, but not after that
> > (on the advice of Steve Langasek) to allow the local authentication code
> > to work, and to give the admin the freedom to disable this for added
> > security if they're not using the local authentication code.

> Yes, I missed the 'adduser' calls in postinst. In any case, it would be 
> nice if, instead of 'freerad' a generic 'radiusd' user was used so that it 
> could be "shared" by different radius packages. Not that one would want to 
> install different Radius servers and share the users file, but just for 
> consistency and to avoid having multiple 'freerad', 'cistronrad', 
> 'livingston' users.

Are you kidding?  And link the security of freeradius processes to that
of those old, crufty, scary packages? ;)

[Over the years, I've had occasion to use each of these RADIUS
implementations.  While Livingston RADIUS is the granddaddy of them all,
I don't think it ever got much peer review except in the form of forks
-- like Cistron.  And while Cistron was good at the time, and I trust
Miquel's abilities, the security bar has been moved significantly from
where it was when the freeradius reimplementation began.]

-- 
Steve Langasek
postmodern programmer

Attachment: pgp8ow2Un2PzM.pgp
Description: PGP signature


Reply to: