Re: (RADIUS) Secondary radius authentication server.

Chris Adams (cadams@ro.com)
Wed, 29 Apr 1998 19:47:58 -0500 (CDT)

Once upon a time, Kevin Rosenberg wrote
> > >This would likely not work since radiusd uses a library function
> > >(getpwnam) to access the encrypted password, rather than directly reading
> > >the /etc/passwd file.
> >
> > That's why the "chrooted" bit. You set up a /foo/radius_root with all
> > the standard files:
> >
> > [ ...detailed information on how to make chroot environment work... ]
>
> I see, Chris. Thanks for the information on this. We wish to set up a
> secondary authentication server, but keep our customers out of
> /etc/passwd. I'll give your setup a try with BSD/OS v3.1.

It is a bit tricky, because there is no telling what files your C
libraries want. The best way to work it out is to use "strace" or
"truss" (trace the system calls) and see what files it tries to open.
For example, for the longest time my RADIUS detail logs were timestamped
in GMT instead of localtime, because I didn't include the timezone info
file in my chroot environment.

-- 
Chris Adams - cadams@ro.com
System Administrator - Renaissance Internet Services
I don't speak for anybody but myself - that's enough trouble.
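
The file-discovery step described in the message above, as an added example that is not part of the original post: it reads a saved strace log, collects the files opened successfully on the host, and lists the ones absent from the chroot tree. It assumes Linux strace output format (truss output differs); the function names, the `<daemon command>` placeholder and the sample trace are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message.
# Capture the trace on the host, outside the chroot, for instance:
#   strace -f -e trace=open,openat -o radiusd.trace <daemon command>

# Print each absolute path that was opened successfully (one per line).
# Failed opens ("= -1 ENOENT ...") are skipped: the host lacks them too.
opened_paths() {
  sed -n -E 's#^[0-9 ]*open(at)?\(([A-Z_]+, )?"(/[^"]*)".*\) = [0-9]+$#\3#p' "$1" |
    sort -u
}

# Print the opened paths that do not exist under the chroot directory.
missing_in_chroot() {
  trace=$1
  root=$2
  opened_paths "$trace" | while IFS= read -r p; do
    [ -e "$root$p" ] || printf '%s\n' "$p"
  done
}

# Constructed sample: a chroot holding libc and passwd but no timezone
# file, which is the omission the message describes.
demo() {
  tmp=$(mktemp -d) || return 1
  mkdir -p "$tmp/root/etc" "$tmp/root/lib"
  : > "$tmp/root/etc/passwd"
  : > "$tmp/root/lib/libc.so.6"
  cat > "$tmp/trace" <<'EOF'
412   open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory)
412   open("/lib/libc.so.6", O_RDONLY) = 3
412   open("/etc/passwd", O_RDONLY) = 4
412   openat(AT_FDCWD, "/etc/localtime", O_RDONLY|O_CLOEXEC) = 4
412   open("/etc/passwd", O_RDONLY) = 4
EOF
  missing_in_chroot "$tmp/trace" "$tmp/root"
  rm -rf "$tmp"
}

demo
```

Exercise every code path of the daemon while tracing (startup, an authentication request, an accounting record), since files opened lazily only appear in the log once that path runs.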