On 11/19/2011 12:26 AM, Gregory Machin wrote:
Hi.
We are using using PAM to authenticate users against Freeradius, an
that is working well. The problem is that the users are 3rd party
developers and some need root access. The issue we have is that the
radius secret is stored in clear text file. How can this be hidden so
that is can be misused ?
There's no way within FreeRADIUS. The secret must be in plaintext, in
order to be used.
If you don't trust the users, you shouldn't give them root access.
I suppose it might be possible to use a MAC system like SELinux to
confine the untrusted parties into a domain which can't read the
FreeRADIUS config files, but can do everything else - but it would be
tricky.
Basically - you can't hide things from root.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
