Re: Simple RADIUS Setup

Stuart Lynne (sl@whiskey.wimsey.com)
22 Dec 1995 18:56:13 GMT

In article <Pine.LNX.3.91.951219162230.10333B-100000@netrail.net>,
Matt Zimmerman <mdz@netrail.net> wrote:
>On Mon, 18 Dec 1995, Jim Aspinwall wrote:
>
>> Does the portmaster need to be an .rhosts user on the RADIUS server or
>> have any owner rights on the RADIUS server Unix setup?
>
>No. However, if you're using Rlogin login service, the portmaster needs
>to be a trusted (hosts.equiv) host.
>
>> Is RADIUS required to be a Root or plain user-level on the server?
>
>Since radius works on port 1645/udp, and accounting on 1646/udp, the
>RADIUS server must run as root (to listen on these (low) ports).

Reserved ports for root are < 1024.

Radius can run as anything you like, provided it has enough privilege
to access whatever information it needs to do its job. I.e. if it needs to
read /etc/shadow it will have to have read permission.

Root is typically only required if a server needs to setuid to another
random user. E.g. telnet, ftp, rlogin, uucpd, pop, sendmail.

-- 
Stuart Lynne <sl@wimsey.com>      604-933-1000      <http://www.wimsey.com>
PGP Fingerprint: 28 E2 A0 15 99 62 9A 00  88 EC A3 EE 2D 1C 15 68
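
Added example (not part of the original post or of any RADIUS distribution): a preflight check that can be run as the unprivileged account intended for the RADIUS daemon, confirming that 1645/udp and 1646/udp can be bound without root and that the account can read the files it needs. The function names, the loopback bind address and the file list are assumptions chosen for illustration.

```python
import errno
import os
import socket

RESERVED_BELOW = 1024            # binding below this needs root (or CAP_NET_BIND_SERVICE on Linux)
RADIUS_PORTS = (1645, 1646)      # auth and accounting ports named in the thread
SECRET_FILES = ("/etc/shadow",)  # assumption: what this site's daemon must read


def _errname(exc):
    """Map an OSError to its symbolic errno name, e.g. 'EACCES'."""
    return errno.errorcode.get(exc.errno, str(exc.errno))


def try_bind_udp(port, host="127.0.0.1"):
    """Bind and release a UDP socket; return None on success, else the errno name."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.bind((host, port))
    except OSError as exc:
        return _errname(exc)
    return None


def try_read(path):
    """Open the file for reading with the effective uid; return None or the errno name."""
    try:
        with open(path, "rb"):
            pass
    except OSError as exc:
        return _errname(exc)
    return None


def preflight(ports=RADIUS_PORTS, files=SECRET_FILES):
    """Report what the current (ideally non-root) account can bind and read."""
    return {
        "euid": os.geteuid(),
        "ports": {p: {"reserved": p < RESERVED_BELOW, "error": try_bind_udp(p)}
                  for p in ports},
        "files": {f: try_read(f) for f in files},
    }


if __name__ == "__main__":
    report = preflight()
    print("effective uid:", report["euid"])
    for port, res in report["ports"].items():
        print(f"udp/{port}: reserved={res['reserved']} bind={res['error'] or 'ok'}")
    for path, err in report["files"].items():
        print(f"{path}: read={err or 'ok'}")
```

An `EADDRINUSE` result on a port means a server is already listening there; an `EACCES` on a file shows the read permission (for example via group membership) that the service account still needs.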