DISCLAIMER: We are a Windows-shop, and this is our first Linux server
deployment, so I'm having to ask newbie questions, sorry about that!
I have a working RADIUS server, "RADIUS01" running Centos/Freeradius.
Freeradius is configured to store username and PIN-style passwords in MySQL. To
go live with our RADIUS implementation, I have been tasked with making the
selection of PIN's a self-service process. I'm considering an email-based
approach where u...@foobar.org.uk can email p...@foobar.org.uk in order to
achieve PIN maintenance. (I understand the risk of email header spoofing).
Since I don't know Linux terribly well, I'm asking the group if my proposal is
a sensible approach? Am I re-inventing any wheels? Should I consider an
alternative method?
Thanks
-----------------------------------------------------------
My brief spec:
RADIUS01 would be extended to use SENDMAIL and some Perl or similar processing
to monitor a predefined email account such as p...@foobar.org.uk
Sending a blank email to p...@foobar.org.uk will respond with:
Reply with a Subject line of :
SENDPIN - To send your current PIN to your email
address
NEWPIN xxxx - To set you pin to the value xxxx and confirm
by email
HELP - To receive an email with extensive
guidance
The Sendmail/Perl script would make calls such as:
Mysql -u root -p
<MySQL Password>
Use radsql
INSERT INTO radcheck (username, attribute, op, value) VALUES
('janedoe','Cleartext-Password',':=','password');
INSERT INTO radusergroup VALUES ('janedoe','dynamic',1);
QUIT
***************************************************************************************
The CBI's (Confederation of British Industry's) registered address is:
Centre Point, 103 New Oxford Street, London WC1A 1DU
Company number: RC000139
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
