On 31 Mar 2003, at 0:00, Nikhil Chauhan wrote: > > Hello: > > Is it possible that freeRadius and AP functionality (on a WLAN > NIC card) be on > > the same physical machine... > > Comments appreciated. > bhh>>> It is possible to have both Radius and an AP on the same physical machine, at least for those running a flavor of BSD. We have built one, incorporating two Network Interfaces, to research and test our wireless security technology. However, I advise that doing this for any production design would not be wise, as there in no easy way to keep the AP daemon and users in jail (insulated / isolated). A User or Trojan code could gain access to the "system's resources" through conceivably exploitable vulnerabilities in the AP application/interface, and thus attack or bypass freeradius's authentication/authorization structure.
IMO - From a security point of view, best practice is to keep the Radius Authentication/Authorization and Accounting on separate and dedicated machines. - **************************************************** Bernie Chief Technology Architect Chief Security Officer [EMAIL PROTECTED] Euclidean Systems, Inc. ******************************************************* // "There is no expedient to which a man will not go // to avoid the pure labor of honest thinking." // Honest thought, the real business capital. // Observe> Think> Plan> Think> Do> Think> ******************************************************* - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
