(RADIATOR) Designing for security

Hugh Irvine hugh at open.com.au
Sat Jul 7 12:17:38 CDT 2001


Hello Miguel -

At 21:47 +0800 01/7/7, Miguel A.L. Paraz wrote:
>We are reimplementing our RADIATOR systems.
>
>Is it necessary to run as root if authentication is done against MySQL or
>other databases?  I think you can as long as the necesary files are
>accessible?


No you do not need to run Radiator as root.


>Are there security risks such as exploits or Denial of Service via RADIUS
>packets?
>

You should always have your main Radiator hosts behind a firewall of 
some sort, and you should also use packet filters to limit which 
hosts and/or NAS's are allowed to contact these internal hosts.

hth

Hugh

-- 

NB: I am travelling this week, so there may be delays in our correspondence.

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list