DISCLAIMER: We are a Windows-shop, and this is our first Linux server deployment, so I'm having to ask newbie questions, sorry about that!
I have a working RADIUS server, "RADIUS01" running Centos/Freeradius. Freeradius is configured to store username and PIN-style passwords in MySQL. To go live with our RADIUS implementation, I have been tasked with making the selection of PIN's a self-service process. I'm considering an email-based approach where u...@foobar.org.uk can email p...@foobar.org.uk in order to achieve PIN maintenance. (I understand the risk of email header spoofing). Since I don't know Linux terribly well, I'm asking the group if my proposal is a sensible approach? Am I re-inventing any wheels? Should I consider an alternative method? Thanks ----------------------------------------------------------- My brief spec: RADIUS01 would be extended to use SENDMAIL and some Perl or similar processing to monitor a predefined email account such as p...@foobar.org.uk Sending a blank email to p...@foobar.org.uk will respond with: Reply with a Subject line of : SENDPIN - To send your current PIN to your email address NEWPIN xxxx - To set you pin to the value xxxx and confirm by email HELP - To receive an email with extensive guidance The Sendmail/Perl script would make calls such as: Mysql -u root -p <MySQL Password> Use radsql INSERT INTO radcheck (username, attribute, op, value) VALUES ('janedoe','Cleartext-Password',':=','password'); INSERT INTO radusergroup VALUES ('janedoe','dynamic',1); QUIT *************************************************************************************** The CBI's (Confederation of British Industry's) registered address is: Centre Point, 103 New Oxford Street, London WC1A 1DU Company number: RC000139 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html