On Monday, November 18, 2002, at 10:47 PM, Thomas Linden wrote:
Eww. You might want to look at the shadow option - ie, leave
... and I bet you're not running radiusd as root. If you can coax the
radius server to
run as root, just as a test, see what happens. If it still doesn't work
I'll be quite surprised.
yes, it works when running as root.In the meantime I found another solution: I configured the passwd file in radiusd to be /etc/master.passwd, chowned /etc/master.passwd to daemon (+ chmod 600) and run radiusd as daemon. This works well. From the security point of view this is no problem, since the radius daemon runs inside a chroot anyway.
/etc/master.passwd set to root:root, 0600, but set the shadow file
entry in radiusd.conf to /etc/master.passwd. That might work,
and it might not require radiusd to continuously run as root.
(Again, I haven't had much experience running freeradius w/
system passwords..)
Oh, and why not run this inside a jail instead of a chroot? :)
Adrian
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
