On Wed, Nov 12, 2003 at 04:11:38AM +0100, Javier Fernández-Sanguino Peña wrote:
> On Wed, Nov 12, 2003 at 01:23:02PM +1100, Russell Coker wrote: > > Allowing a RADIUS server to authenticate local users against /etc/shadow > > is standard and expected functionality IMHO. I consider any RADIUS > > server which can't authenticate against the local accounts database to > > be severely broken. > > Well. IMHO that used to be a standard way of doing this when directories > where not available. Now it is quite common to validate against an LDAP, > MySQL or whatever server. YMMV. But you are right in that all these > implementations assume that checking against the local user database is the > default action. Even before these directories were common, it was usually preferred to have a separate database for RADIUS authentication (at least, I preferred it). -- - mdz
