- The ChangeLog should have an indication of what the current release versions are and indicate when the releases were made so as not to confuse users.
- The ChangeLog should probably enumerate bugfixes instead of one generic statement time (This would work best if there was a bug tracking system for which short bugfix statements can map to a bug management system ID)
- It is likely time for a bug management system
- The CVS tags for specific release or pre-release versions should be published on the CVS instructions page.
- The included example config file doesn't enumerate ALL of the options available for each module.
- The included example config file should disable wtmp and utmp for the unix module by default (most people likely won't be using these)
- A quirk with the rlm_unix module when patched to include fget* support for FreeBSD (using the patch posted to the list, not the CVS tree) is that shadow file support doesn't exist because shadow.h doesn't exist, nor do the getsp* functions for FreeBSD. The rlm_unix module should generate an error when shadow file support is requested but unavailable. I think this extends to all config parameters. Config parameters should generate errors at startup when an unsupported parameter is set.

Unimportant to actual usability of FreeRadius, but notable nonetheless:

- The "master" password file format for FreeBSD is not the same as /etc/passwd and /etc/shadow does not exist. FreeBSD uses instead /etc/master.passwd and builds /etc/pwd.db and /etc/spwd.db. I think other BSDs might do the same now. There is no significant speed advantage to going direct to the password databases for FreeBSD, as the system getpw* functions directly access the appropriate files. getsp* do not exist. Instead getpw*() check the euid and if the euid is 0, fill the pw_passwd field. This does mean to support FreeBSD using the system password database, radiusd must run as root. As a side note, the tools to build the pwd.db and spwd.db files can get master.passwd from an alternate directory and write these two files to that same alternate directory. The same tool (pwd_mkdb) can update a single user's entry instead of the whole file. FreeBSD also supports login classes, which could be of value for decision making.

The implications of all this rambling are:

- On FreeBSD, radiusd MUST run as root if you want access to the system password file
- On FreeBSD, enabling the cache for rlm_unix is counter-productive. It uses more resources, and introduces a delay for change propagation.

Already known issues:

- FreeBSD requires a compatibility module for fget* and fgetsp* as FreeBSD does not provide these functions (on purpose).
- The logic for deciding when to look at the shadow file is quirky and doesn't always do as expected - I suggest a new config option that lets you set the shadow password mode to one of always, never, and auto.

Possibly known issue:

- When compat.c is compiled in for FreeBSD and radiusd is given a HUP signal, errors parsing the users and hints files occur where no errors exist. This might also happen to 0.4 unpatched, but I am unable to use an unpatched 0.4.

and finally:

- 0.4 is a LOT more stable than 0.3, but even quirkier

---
Roy Hooper
Project Manager & Senior UNIX Architect
Decisive Technologies, Inc.
[EMAIL PROTECTED] (613) 769-7272
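Added example, not part of the original message and not FreeRADIUS code: a sketch of the startup check the message asks for, combining the proposed always/never/auto shadow mode with the FreeBSD behaviour described above (no getsp*, and getpw* filling pw_passwd only for euid 0). All names are hypothetical; `have_getsp` stands in for a build-time feature test, and treating "auto" as "use getsp* when present, otherwise getpw*" is an assumption.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical names throughout; this is not rlm_unix code. */
enum shadow_mode { SHADOW_NEVER, SHADOW_ALWAYS, SHADOW_AUTO, SHADOW_INVALID };

/* Parse the proposed option; unknown values are rejected, not ignored. */
enum shadow_mode parse_shadow_mode(const char *s)
{
    if (s == NULL) return SHADOW_INVALID;
    if (strcmp(s, "never") == 0) return SHADOW_NEVER;
    if (strcmp(s, "always") == 0) return SHADOW_ALWAYS;
    if (strcmp(s, "auto") == 0) return SHADOW_AUTO;
    return SHADOW_INVALID;
}

/*
 * Startup validation. have_getsp is 1 where getsp*() exists and 0 on
 * FreeBSD-style systems, where getpw*() fills pw_passwd only for euid 0.
 * Returns 0 if the config is usable, -1 with a message in err otherwise.
 * errlen must be greater than zero.
 */
int check_unix_config(const char *mode_str, int have_getsp, uid_t euid,
                      char *err, size_t errlen)
{
    enum shadow_mode mode = parse_shadow_mode(mode_str);

    err[0] = '\0';
    if (mode == SHADOW_INVALID) {
        snprintf(err, errlen, "unknown shadow mode \"%s\"",
                 mode_str ? mode_str : "(unset)");
        return -1;
    }
    if (mode == SHADOW_ALWAYS && !have_getsp) {
        snprintf(err, errlen, "shadow requested but getsp* is unavailable");
        return -1;
    }
    if (!have_getsp && euid != 0) {
        snprintf(err, errlen, "getpw* returns hashes only to euid 0 here");
        return -1;
    }
    return 0;
}

int main(void)
{
    char err[128];
    /* Constructed case: FreeBSD-style host with shadow mode "always". */
    if (check_unix_config("always", 0, 0, err, sizeof err) != 0)
        fprintf(stderr, "config error: %s\n", err);
    return 0;
}
```

Failing at startup turns a silent authentication failure for every user into one visible configuration error.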
