From owner-freebsd-questions@FreeBSD.ORG  Wed Jan  5 20:32:19 2011
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id E67CE106566B
	for <freebsd-questions@freebsd.org>;
	Wed,  5 Jan 2011 20:32:19 +0000 (UTC)
	(envelope-from wmoran@potentialtech.com)
Received: from mail.potentialtech.com (internet.potentialtech.com
	[66.167.251.6]) by mx1.freebsd.org (Postfix) with ESMTP id B75BF8FC13
	for <freebsd-questions@freebsd.org>;
	Wed,  5 Jan 2011 20:32:19 +0000 (UTC)
Received: from overdrive.ws.pitbpa0.priv.collaborativefusion.com
	(pr40.pitbpa0.pub.collaborativefusion.com [206.210.89.202])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.potentialtech.com (Postfix) with ESMTPSA id 8379DF7419;
	Wed,  5 Jan 2011 15:32:18 -0500 (EST)
Date: Wed, 5 Jan 2011 15:32:17 -0500
From: Bill Moran <wmoran@potentialtech.com>
To: gahn <ipfreak@yahoo.com>
Message-Id: <20110105153217.018bd21a.wmoran@potentialtech.com>
In-Reply-To: <534524.62805.qm@web130203.mail.mud.yahoo.com>
References: <534524.62805.qm@web130203.mail.mud.yahoo.com>
Organization: Bill Moran
X-Mailer: Sylpheed 3.0.3 (GTK+ 2.20.1; amd64-portbld-freebsd8.0)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Cc: freebsd general questions <freebsd-questions@freebsd.org>
Subject: Re: freebsd and
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Jan 2011 20:32:20 -0000


(don't see why this was on -current)

In response to gahn <ipfreak@yahoo.com>:
> hi all:
> 
> i set up the freeradius 21.100.1 on freebsd 8.1. it uses local authentication database of /etc/passwd (thanks to the previous discussions alan did with others). the problem is: it only works with the condition of the server id running as "root" instead of "freeradius" due to the one way MD5 hash of /etc/passwd file.
> 
> are there any other better ways to implement this?

a) Put the Radius server in a jail, so it can run as root without all the
   security concerns.
b) Use something other than /etc/passwd authentication

-- 
Bill Moran
http://www.potentialtech.com
http://people.collaborativefusion.com/~wmoran/