[RADIATOR] Executing an external script from Radiator

Heikki Vatiainen hvn at open.com.au
Wed Jun 22 02:23:00 CDT 2011


On 06/22/2011 12:06 AM, Dave Kitabjian wrote:
> My favorite method is to use the special RADIUS Reply-Item,
> "Exec-Program". Radiator will then shell whatever you pass in as an
> argument to this attribute. Very powerful; very dangerous; very cool J

> The only thing Radiator doesn't do is provide a way to change the user
> under which the shell executes. Often it would be nice to use a
> restricted access account.

This might be possible with sudo. If you configure /etc/sudoers to allow
non-privileged radiator user to call the actual program as the desired
non-privileged user, that should do the trick.

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.


More information about the radiator mailing list