RE: Linux as a radius client


Subject: RE: Linux as a radius client
From: Christopher E. Brown (cbrown@woods.net)
Date: Tue Jul 02 2002 - 14:53:07 AKDT


On Tue, 2 Jul 2002, Mike Barsalou wrote:

> Chris,
>
> I am trying to setup a Win2k box to be a radius server. I then want users
> that log into the linux box to use that radius server to authenticate
> against.
>
> Hopefully that clears it up.
>
> Mike

Ahh, ok. I will leave the whole goodthing/badthing issue alone, I
think my views on this are well known.

You are looking for the pam radius module and its docs. You of course
have to be using a Linux distro that using PAM.

A couple of things.

Make sure your important system accounts are present locally (root
authed via radius, BAD)

Pay attention to the NT side of things, there will be interesting
issues.

Using RADIUS to auth particular services (POP3/IMAP, FTP, etc) is
useful and handled via the individual daemons, doing system level
auth via RADIUS/PAM for shell users has alot of corner cases you can
get caught in. Trying to do it against a NT user database (rather
than just having the generated auth data reside on an NT based RADIUS
server) can be fun, specially dealing with the different hash types
used for passwd storage.

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.



This archive was generated by hypermail 2a23 : Tue Jul 02 2002 - 15:03:27 AKDT