On 05/21/2010 07:31 PM, sbchem wrote:
> Greetings, I installed a fresh copy of FreeRadius v 2.1.7 on CentOS 5. Ran radtest locally as well as remotely and it works great. Now I want to point the server to my /etc/shadow file which lives on the same machine. I have not made any changes to the default config except to change the group ownership of my shadow file to radiusd so the radius daemon can access it.

It's not a good idea to change the ownership of /etc/shadow from a security and system perspective. Rather than using rlm_unix use rlm_pam instead. PAM is a much cleaner way to authenticate system users, not just for FreeRADIUS but for all applications authenticating system users. It is the preferred methodology for a variety of reasons.

--
John Dennis <jden...@redhat.com>
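
A check for the /etc/shadow permission change described in the question, as an added example that is not part of the original thread: it flags a shadow file whose owner, group or mode has drifted from an assumed baseline. The function names and the baseline (owner root, group root or shadow, no group write, no access for other) are assumptions, and `stat -c` is the GNU coreutils form.

```shell
#!/bin/sh
# Added example (not from the thread): flag ownership/mode drift on a shadow file.
# Assumed baseline: owner root, group root or shadow, no group write, and no
# access for "other". Compare against your distribution's packaged default.

# classify_shadow_perms OWNER GROUP MODE
# MODE is octal as printed by `stat -c %a` (e.g. 400, 640, 0).
# Prints "ok" or a space-separated list of findings.
classify_shadow_perms() {
    owner=$1; group=$2; mode=$((0$3))
    findings=""
    [ "$owner" = "root" ] || findings="$findings owner:$owner"
    case $group in
        root|shadow) ;;
        *)
            # A service group is worse when the group bits actually grant access.
            if [ $(( $mode & 060 )) -ne 0 ]; then
                findings="$findings group-access:$group"
            else
                findings="$findings group:$group"
            fi ;;
    esac
    [ $(( $mode & 020 )) -eq 0 ] || findings="$findings group-write"
    [ $(( $mode & 007 )) -eq 0 ] || findings="$findings other-access"
    if [ -z "$findings" ]; then echo "ok"; else echo "${findings# }"; fi
}

# audit_shadow_file PATH: stat the file and classify it.
# Returns 0 when clean, 1 on findings, 2 if stat cannot examine the file.
audit_shadow_file() {
    path=${1:-/etc/shadow}
    meta=$(stat -c '%U %G %a' "$path" 2>/dev/null) || return 2
    set -- $meta
    result=$(classify_shadow_perms "$1" "$2" "$3")
    echo "$path: $result"
    [ "$result" = "ok" ]
}

# Run as: sh script.sh --audit [PATH]
if [ "${1:-}" = "--audit" ]; then
    audit_shadow_file "${2:-/etc/shadow}"
fi
```

With the change from the question applied (group radiusd with group read), the classifier reports `group-access:radiusd`.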