Sorry, what I'm trying to ask is:
Most secure way to create a unix login whose sole function is to execute
adduser to add users to the /etc/passwd file. I'm running openbsd.
Hmmm... as I finish writing this question it looks like this is rather
off topic. Anyhows any ideas welcome.
Thanks
Hi there,
I've finally come to a decision as to what sort of backend we're going
to use. Thanks for all the discussion it was very helpful in coming to
the final decision. Heres what I'm going to go with:
Use the UNIX password file on the machine that holds the radius server
to authenticate
Dustin any input on this one?
Maqbool Hashim wrote:
Hi there,
I've finally come to a decision as to what sort of backend we're going
to use. Thanks for all the discussion it was very helpful in coming
to the final decision. Heres what I'm going to go with:
Use the UNIX password file on the
Dustin any input on this one?
Maqbool Hashim wrote:
Hi there,
I've finally come to a decision as to what sort of backend we're going
to use. Thanks for all the discussion it was very helpful in coming
to the final decision. Heres what I'm going to go with:
Use the UNIX
However my concern is that MYSQL is a little bloated and would prefer
to
Bloated? How so?
How many users are we talking about here? Sounds like a decent task for
MySQL to me :) If you are worried about database size etc. I'd do a
shell script or something to throw in X number of dummy users
Thanks, I'm just thinking that mysql is a big and complex program which
offers a lot of features. Our requirements are quite specific. I'm not
saying I'm ruling out using mysql, just would like to hear whether there
are any alternatives. Also, I notice that the mysql schema has a a
users
Of
Maqbool Hashim
Sent: Wednesday, April 13, 2005 9:09 AM
To: freeradius-users@lists.freeradius.org
Subject: Re: deployment question
Thanks, I'm just thinking that mysql is a big and complex program which
offers a lot of features. Our requirements are quite specific. I'm not
saying I'm ruling
To: freeradius-users@lists.freeradius.org
Subject: Re: deployment question
Thanks, I'm just thinking that mysql is a big and complex program which
offers a lot of features. Our requirements are quite specific. I'm not
saying I'm ruling out using mysql, just would like to hear whether there
are any
13, 2005 9:09 AM
To: freeradius-users@lists.freeradius.org
Subject: Re: deployment question
Thanks, I'm just thinking that mysql is a big and complex program which
offers a lot of features. Our requirements are quite specific. I'm
not
saying I'm ruling out using mysql, just would like to hear
-=- Webmaster . Centralva.net ...
... [EMAIL PROTECTED] ...
... 434.385.5053 ...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Maqbool Hashim
Sent: Wednesday, April 13, 2005 9:22 AM
To: freeradius-users@lists.freeradius.org
Subject: Re: deployment question
sorry
Subject: Re: deployment question
That makes sense. So effectively the php program has a login for the
database. The user has a login for the php frontend. What the user
sees depends on the credentials he supplies to the php frontend.
Therefore the security rests with the php frontend. Right
Sent: Wednesday, April 13, 2005 9:47 AM
To: freeradius-users@lists.freeradius.org
Subject: Re: deployment question
That makes sense. So effectively the php program has a login for the
database. The user has a login for the php frontend. What the user
sees depends on the credentials he supplies
Ldap will provide that feature for you. An openldap acl might look like
this.
access to attr=userPassword
by self write
by anonymous auth
by * none
access to dn.one=ou=useraccounts,dc=yourdomain,dc=com
by self write
by
Thats very helpful thank you. I was actually thinking of something
similar except using mysql, but obviously ldap would be better as it
directly provides that feature. However I was just reading some of the
rlm_dbm file and it seems like the ideal backend for us, as it doesn't
require any
dbm would be very fast and simple. I've never used it directly though, so
I can't provide any help. Openldap does use berkerly db as the backend db
for datastorage, so you are really just taking off a layer and making it
much simpler. Mysql even offers a berkely db backend.
You will need to
On Wed, 13 Apr 2005, Maqbool Hashim wrote:
True. Just coming back to your earlier mail:
Put the front-end on a different machine and have it only run apache.
Put the ldap server on your private network and have the radius server
and webserver with an interface on that network.
The
16 matches
Mail list logo