Hello,
I've recently been looking into getting a FreeRADIUS server to
authenticate against the system passwd file. When I was originally
testing, it always seemed to reject my access, no matter what I tried.
So I did some searching on the lists, and found another person that was
having a similar issue. They discovered that the system only allows
root to read the shadow password file, so when radius was requesting the
password, it would get rejected.
So I changed my setup to run the radiusd daemon as root, and tested
again. Sure enough, if radiusd is run as root, I can authenticate
against the system.
So now my question is: What security concerns should I have if I run
the radiusd as root? Is there another way to do this that doesn't
require radiusd to run as root?
Basically, I just want to make sure this is the best way to authenticate
against system accounts, or if there's some other method that I've missed :)
thx!
k
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- Running as root to authenticate against system accounts.. Kevin Hanser
-
