[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Pam and radius



On Fri, 28 Feb 1997, Bruno Lopes F. Cabral wrote:

> normally the clients use wwwpass or poppasswd to change
> their passwords, why not hack in them the change of
> password info for the radius server ?

Because _that_ is insecure. NIS is well known for this - ability to modify
the central databases. All the security check in this case won't suffice
_ever_. What if something wrong is happening ? You shut down the RAIUS
server until you figure out a solution ? If you are using some _secure_ 
CGI script and have a problem with that, you can shut down that separate
service and try to fix it while your business keeps going...

For what's worth, I will not be doing this hack into the RADIUS server,
nor in the RADIUS client with PAM. It is easy to do, but I won't take my
chance on providing something I don't feel is right.

Best wishes,
		Cristian Gafton
--
--------------------------------------------------------------------
Cristian Gafton                                    gafton@sorosis.ro
Computers & Communications Center              Network Administrator
http://www.sorosis.ro/~gafton                          Iasi, Romania
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
UNIX is user friendly. It's just selective about who its friends are.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []