Re: RADIUS accounting & dial on demand

John G. Thompson (jgt10@livingston.com)
Mon, 11 Nov 1996 08:43:23 -0800 (PST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Richard Huveneers: "Re: RADIUS accounting & dial on demand (fwd)"
Previous message: Frank Heinzius: "Re: Radius location file (fwd)"
In reply to: Adam Burns: "Re: RADIUS accounting & dial on demand"
Next in thread: Richard Huveneers: "Re: RADIUS accounting & dial on demand"

On Mon, 11 Nov 1996, Adam Burns wrote:
>
> At 08:12 PM 11/10/96 GMT, Richard Huveneers wrote:
> >
> >On another related note: since we don't run in.pmd, one of our users could
> >create a socket listening to port 1642 on our radius server.
> >Does this pose a security problem? Should we block port 1642 on the machine
> >running the radius server?
>
> I strongly suggest not running a RADIUS server on a machine that has user
> accounts.

Although the user would have to run a radiusd, the risk is till not healthy.

I HIGHLY recommend that a radius server NOT have general users.

JGT
former firewal admin and paranoid.

--
John G. Thompson      Livingston Enterprises Inc.    Phone: (800) 458-9966
JOAT(MON)             6920-220 Koll Centre Pkwy.       Fax: (510) 426-8951
support@livingston.com Pleasanton, CA 94566      http://www.livingston.com

Next message: Richard Huveneers: "Re: RADIUS accounting & dial on demand (fwd)"
Previous message: Frank Heinzius: "Re: Radius location file (fwd)"
In reply to: Adam Burns: "Re: RADIUS accounting & dial on demand"
Next in thread: Richard Huveneers: "Re: RADIUS accounting & dial on demand"