Re: userPassword ACL for radius account



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Scott Walker wrote:
| Hi all,
| I need to allow my radius server's local radius userid access to
| everyone's passwd in the directory for dial-up authentication.

If your radius server *really* needs to have read access to the
userPassword it is broken - you may want to investigate other radius
servers which aren't broken ...

| The
| radius account is not in the directory.
|
| Would something simple in the first acl like:  by dn="radius" read  work?

Well, assuming that it is a valid dn, and has a userpassword attribute.

|
| # ACL
| access  to attr=userPassword
|         by dn="cn=admin,o=domain"         read
|         by self         read
|         by anonymous    auth
|         by *            none
|
| access  to *
|         by *            read
|


Regards, Buchan

- --
Buchan Milne                      Senior Support Technician
Obsidian Systems                  http://www.obsidian.co.za
B.Eng                                RHCE (803004789010797)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFA9scxrJK6UGDSBKcRAooPAJ0WespzIMs8Wb+rS/gfBnshlPu7/wCgiFBW
GQDR++ZZxwrQ/KZqqMyGeeI=
=wSu2
-----END PGP SIGNATURE-----
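
The two options discussed in this message, side by side, as an added example that is not part of the original post or of either poster's configuration. It assumes the RADIUS server can verify a login by binding to the directory as the dial-up user; `cn=radius,o=domain` is a hypothetical entry used only for illustration.

```conf
# Constructed slapd.conf fragment, using the ACL syntax quoted in the thread.
# slapd checks the "by" clauses of an "access to" rule in order and stops at
# the first one that matches, so any clause for a service account has to come
# before "by * none".

# Option A (broad): the RADIUS service identity may read every stored
# userPassword value. This only works if cn=radius,o=domain (hypothetical)
# exists as an entry with its own userPassword so that it can bind, and a
# compromise of the RADIUS host then exposes every password in the tree.
#
# access  to attr=userPassword
#         by dn="cn=admin,o=domain"     read
#         by dn="cn=radius,o=domain"    read
#         by self                       read
#         by anonymous                  auth
#         by *                          none

# Option B (least privilege): no clause for the RADIUS identity at all.
# A server that authenticates by binding as the dial-up user relies only on
# "by anonymous auth", which lets slapd use userPassword to check a bind
# without ever returning the value to a client.
access  to attr=userPassword
        by dn="cn=admin,o=domain"     read
        by self                       read
        by anonymous                  auth
        by *                          none

# Everything else stays world-readable, as in the quoted configuration.
access  to *
        by *                          read
```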