On 06/22/2011 12:06 AM, Dave Kitabjian wrote: > My favorite method is to use the special RADIUS Reply-Item, > "Exec-Program". Radiator will then shell whatever you pass in as an > argument to this attribute. Very powerful; very dangerous; very cool J
> The only thing Radiator doesn't do is provide a way to change the user > under which the shell executes. Often it would be nice to use a > restricted access account. This might be possible with sudo. If you configure /etc/sudoers to allow non-privileged radiator user to call the actual program as the desired non-privileged user, that should do the trick. -- Heikki Vatiainen <[email protected]> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
