Re: RADIUS accounting & dial on demand
Old Man (oldman@mitec.net)
Mon, 25 Nov 1996 10:50:21 -0600 (CST)
On Mon, 11 Nov 1996, John G. Thompson wrote:
> On Mon, 11 Nov 1996, Adam Burns wrote:
> > At 08:12 PM 11/10/96 GMT, Richard Huveneers wrote:
> > >On another related note: since we don't run in.pmd, one of our users could
> > >create a socket listening to port 1642 on our radius server.
> > >Does this pose a security problem? Should we block port 1642 on the machine
> > >running the radius server?
> > I strongly suggest not running a RADIUS server on a machine that has user
> > accounts.
> Although the user would have to run a radiusd, the risk is still not healthy.
> I HIGHLY recommend that a radius server NOT have general users.
Do any ISPs out there have a method they use to split the radius server
and mail/web/shell server? We currently set a DEFAULT user in the users
file with authentication using /etc/passwd. Creating a user with adduser
as well as adding him/her in the users file would be a lot of bother...
Thanks.