Re: RADIUS passwords should be "encrypted"

alex (alex@agetech.net)
Thu, 23 May 1996 10:53:11 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Greg Fischer: "Re: Radius and time"
Previous message: Mark Teicher: "Re: Radius and time"

Joe Portman wrote:
>
> On Wed, 22 May 1996, Tom Hutton wrote:
>
> > We have made a simple modification to the ESVA radius (which adds mods to
> > how default is handled) that causes lookups of type UNIX to be searched
> > in an another password file instead of /bin/passwd.
>
> Better yet, in the gross hack category, I emacs'd the staticly linked binary
> to look in '/etx/passwd' and '/etx/shadow' on the radius server.
>
> The 'backup server' is our main user machine. So, once every few minutes
> we check to see if the password or shadow files have changed. If they
> have, then they get copied to the main radius server in /etx (not /etc).
>
> Works well, easy to scale.
>
> Later,
> -----------------------------------------------------------------------------
> Joe Portman - Alternate Access Inc. Affordable, Reliable Internet
> baron@aa.net Mercer Island: (206) 230-8732 Seattle: (206) 443-3408
> Tacoma: (206) 927-6010 Federal Way: (206) 838-8457
> Bellevue: (206) 455-8414 Olympia : (360) 458-7279
> For free trial account: set modem to 8-n-1, login as "new"
> For questions or support, call our voice line (206) 728-9585.
> -----------------------------------------------------------------------------

What steps do I need to take in order to Shadow the etc/password file so users(hackers) connot read the
password file?

-- 
....and heres the sig -> mailto:alex@agetech.net AGE Technologies

Next message: Greg Fischer: "Re: Radius and time"
Previous message: Mark Teicher: "Re: Radius and time"