(RADIATOR) Designing for security
Hugh Irvine
hugh at open.com.au
Sat Jul 7 12:17:38 CDT 2001
Hello Miguel -
At 21:47 +0800 01/7/7, Miguel A.L. Paraz wrote:
>We are reimplementing our RADIATOR systems.
>
>Is it necessary to run as root if authentication is done against MySQL or
>other databases? I think you can as long as the necesary files are
>accessible?
No you do not need to run Radiator as root.
>Are there security risks such as exploits or Denial of Service via RADIUS
>packets?
>
You should always have your main Radiator hosts behind a firewall of
some sort, and you should also use packet filters to limit which
hosts and/or NAS's are allowed to contact these internal hosts.
hth
Hugh
--
NB: I am travelling this week, so there may be delays in our correspondence.
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list