Re: RADIUS accounting & dial on demand

Richard Huveneers (richard@hekkihek.hacom.nl)
11 Nov 1996 18:39:10 GMT

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: MegaZone: "Re: RADIUS accounting & dial on demand (fwd)"
Previous message: Richard Huveneers: "Re: RADIUS accounting & dial on demand (fwd)"
Maybe in reply to: Richard Huveneers: "RADIUS accounting & dial on demand"

In article <199611110627.QAA13715@clothes.peg.apc.org>, adamb@peg.apc.ORG (Adam Burns) writes:
>At 08:12 PM 11/10/96 GMT, Richard Huveneers wrote:
>>
>>On another related note: since we don't run in.pmd, one of our users could
>>create a socket listening to port 1642 on our radius server.
>>Does this pose a security problem? Should we block port 1642 on the machine
>>running the radius server?
>
>I strongly suggest not running a RADIUS server on a machine that has user
>accounts.

Oops, I made a big mistake: I meant to say 'default host' instead of 'radius
server' in that part of my message. Sorry. All rlogin connections are forwarded
to that machine which of course is were our user accounts live. The pm tries
to connect to port 1642 on that machine, so any user could bind a socket to
that port.

Richard.

Next message: MegaZone: "Re: RADIUS accounting & dial on demand (fwd)"
Previous message: Richard Huveneers: "Re: RADIUS accounting & dial on demand (fwd)"
Maybe in reply to: Richard Huveneers: "RADIUS accounting & dial on demand"