[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Pam and radius



On Fri, 28 Feb 1997, Anthony Baxter wrote:

> I find it extremely interesting that this subject comes up now.
> 
> About 10 hours ago, one of our dialup systems switched over to
> a new system which uses PAM+Radius for all user auth. This box
> serves something around 10K users or so at the moment, and has
> a 31 line passwd file (systems, and sysadmins, for ssh access). 
> The radiusd code on the radius servers looks in a big berkeley 
> DB file for each realm, which is generateed from a Real Database 
> Package. No icky flat files. This is goood.
> 
> We're passing UIDs and GIDs around as radius attributes. 
> 
> Currently, the IETF-Radius WG explicity excludes discussion of
> non-terminal server applications for radius. I'm not sure why
> this is, as it's definately useful in this case.
> 
> Yes, so is Kerberos, but using radius leverages off our existing 
> installed base of authentication servers.
> 
> The system has been in full "hurt me lots" production since 7.30am
> so far and is performing brilliantly.
> 
> The lack of a 'username->uid' lookup is a tad annoying, but not 
> really. I just do a pam_setcred() (which goes into radius) to set
> the uid to the user, and compare the uid of whatever I'm checking
> against my current uid.

Would you be willing to share more information about this?
--
      President of New Age Consulting Service, Inc.  Cleveland Ohio
             SLIP/PPP/Unix Shell   28.8k / ISDN / Leased Line
           http://www.nacs.net   info@nacs.net   (216)-524-8414



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []