[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Pam and radius



   Date: Thu, 27 Feb 1997 14:55:52 -0500 (EST)
   From: Greg Boehnlein <damin@seka.nacs.net>

    We have a situation where it would be VERY VERY VERY nice to be able to
      allow multiple shell machines to share a single RADIUS database for
      authentication purposes. Is this possible?

A Radius database may be useful for securing a terminal server, but last
I looked at their security properties, I'm not sure I'd want to use it
for securing shell machines on the network.  (The issue is that you can
assume a terminal user doesn't yet have network access to attack the
connection ot the Radius database; this isn't true if you're trying to
protect against an attacker logging into your machine from the network,
since in that case the attacker already has network access, and can
watch the network trafic between the shell machine and the Radius
server.)

						- Ted



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []