Date: Fri, 6 Mar 1998 09:48:11 -0500 (EST)
From: William Bulley <web@merit.edu>
To: abial@nask.pl (Andrzej Bialecki)
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: Merit Radius and password changing
Message-ID: <199803061448.JAA22002@ohm.merit.edu>
In-Reply-To: <Pine.NEB.3.95.980306150920.19283A-100000@korin.warman.org.pl> from "Andrzej Bialecki" at Mar 6, 98 03:20:03 pm
According to Andrzej Bialecki:
>
> I have several questions concerning Merit Radius v. 3.5.6:

Then send them to aaa-support@merit.edu as is clearly suggested on
our WWW pages at the following URL:   :-)

     http://www.merit.edu/aaa/

> * I want Radius to use its 'users' database only to authenticate users
> (not unix passwords). But I don't want to store plaintext passwords there.
> Is there any option to store encrypted passwords in 'users' file?

The Merit AAA Server has long supported an Encrypted-Password check-item.

> * I also want to allow users to change their passwords (remember, they are
> not Unix passwords, so this is not going to be passwd(1)). How can I do
> this without manually editing 'users' file and restarting server?

This is the $64,000 question that has plagued the RADIUS protocol and
IETF RADIUS Working Group discussions for years. I would recommend
using Kerberos (which has mechanisms for users to remotely change their
passwords). The Merit AAA Server supports Kerberos BTW.

> * What's more, I want to do this using DBM version of the server (and I
> don't want to run 'builddbm' each time; besides, I think the 'radpass'
> example program will change only the memory cached version of user's
> password, and the version in 'users' file will remain unchanged, and when
> the daemon restarts it will read in the old password, right? But
> (obviously) I want the change to be permanent :-))

The support for DBM/NDBM/etc. and builddbm in the Merit AAA Server is
weak. We cache all of the configuration files and therefore we see
little benefit from the use of builddbm (and don't deal with it) or any
access to the disk to get user profiles (since it is all in memory).

The fact that radpass and builddbm are in there at all is for historical
reasons. We used to track the Livingston (now Lucent) server software
very closely....

Regards,

web...

--
William Bulley                     Senior Systems Research Programmer
Merit Network, Inc.                Email: web@merit.edu
4251 Plymouth Road, Suite C        Phone: (734) 764-9993
Ann Arbor, Michigan 48105-2785     Fax: (734) 647-3185

[ If the voluptuous Star Trek Voyager Borg queen, Seven of Nine, was to have ]
[ a child with the noted Vulcan scientist and mathematician, Mr. Spock, then ]
[ would their offspring perhaps be named 2.71828... of 3.14159... (e of pi)? ]

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message