Date: Thu, 25 Feb 1999 12:34:27 -0500 From: Brian Cully <shmit@kublai.com> To: mike@seidata.com Cc: GVB <gvbmail@tns.net>, freebsd-net@FreeBSD.ORG Subject: Re: RADIUS Solutions Message-ID: <19990225123427.C10052@kublai.com> In-Reply-To: <Pine.BSF.4.05.9902250233010.25461-100000@ns1.seidata.com>; from mike@seidata.com on Thu, Feb 25, 1999 at 02:40:13AM -0500 References: <19990223192031.C50175@kublai.com> <Pine.BSF.4.05.9902250233010.25461-100000@ns1.seidata.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Feb 25, 1999 at 02:40:13AM -0500, mike@seidata.com wrote: > On Tue, 23 Feb 1999, Brian Cully wrote: > > > daemon to query directly against our provisioning system if the > > user wasn't in the password file or if his password had been > > invalidated. > > Hacked... your radiusd? Well, since we have the source, it wasn't too difficult. :-) > '...provisioning system'? Is this to say that you, perhaps, have > multiple systems, but they all end up being useless if the one, > centralized provisioning system is down? Not at all. The provisioning system pushes out new password databases every four hours, and those databases are used in the majority of the cases. However, we wanted instant provisioning as well, so when we don't find an account in our local password database, we check the provisioning system directly. This means that we only rarely hit the network for account validation, and if the provisioning system is down the only thing that fails is new account login. -bjc To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990225123427.C10052>