Getting Started with Radius

Contributed by jose on 2002-12-24 from the AAA dept.

A recent OnLamp article, tied to the release of the new RADIUS book from O'Reilly , introduces the topic. Getting Started with FreeRADIUS covers the basics of getting and installing the free RADIUS implementation. RADIUS provides authentication information for a variety of devices, and is another way to have central authentication in your hosts and servers. We have covered RADIUS in OpenBSD before, so using OpenBSD in RADIUS is possible.

Enjoy!

(Comments are closed)

Comments

By Anonymous Coward () on 2002-12-24 15:26

Interesting article. But I worry when the author of a book on matters concerned with security writes:
In fact, to minimize the permissions granted to FreeRADIUS, use the user and group "nobody."
...
Suggestion: user = nobody; group = nobody
Comments
1. By Anonymous Coward () on 2002-12-24 17:22
  
  What's wrong with that? Most daemons in obsd run as an unprivelaged user/group, how is this any different?
  Comments
  1. By Anonymous Coward () on 2002-12-24 19:43
    
    user nobody = used by default too much, so you might have several daemons using that same user. it's better if they each have their own users.
  2. By Anonymous Coward () on 2002-12-25 14:02
    
    OpenBSD uses a different unprivileged user/group for every daemon. This is much better than using nobody
    
    Comments
    
    By John Bacalle () deadly@unixen.org on 2002-12-25 15:29 http://unixen.org
    
    ?
    
    Comments
    
    By Anonymous Coward () on 2002-12-27 00:31
    
    If ever unprivileged daemon uses as nobody, one hacked daemon can influence all other daemons running as nobody. Plain simple.
    
    By John Bacalle () deadly@unixen.org on 2002-12-25 15:29 http://unixen.org
    
    ?

Latest Articles

Tue, Apr 23
- 05:25 pfctl(8) and systat(8) to display fragment reassembly statistics (0)
Thu, Apr 18
- 05:05 Coming soon to a -current system near you: parallel raw IP input (0)
Wed, Apr 17
- 05:33 In -current, default write format for tar(1) changed to "pax" (11)
Wed, Apr 10
- 18:50 OpenSMTPD 7.5.0p0 Released (2)
Tue, Apr 09
- 04:49 20 years since "and we're just starting": undeadly.org turns 20 (2024-04-09) (13)
Fri, Apr 05
- 06:16 OpenBSD 7.5 released (3)
Thu, Mar 28
- 18:18 LibreSSL 3.8.4 and 3.9.1 released (0)
Tue, Mar 12
- 06:53 OpenSSH 9.7/9.7p1 released! (0)
Mon, Mar 11
- 11:28 Game of Trees 0.97 released (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]