Re: userPassword ACL for radius account
Scott Walker wrote:
| Hi all,
| I need to allow my radius server's local radius userid access to
| everyone's passwd in the directory for dial-up authentication.

If your radius server *really* needs to have read access to the
userPassword it is broken - you may want to investigate other radius
servers which aren't broken ...

| radius account is not in the directory.
| Would something simple in the first acl like: by dn="radius" read work?

Well, assuming that it is a valid dn, and has a userpassword attribute/

| # ACL
| access to attr=userPassword
|     by dn="cn=admin,o=domain" read
|     by self read
|     by anonymous auth
|     by * none
| access to *
|     by * read

Buchan Milne Senior Support Technician
Obsidian Systems http://www.obsidian.co.za
B.Eng RHCE (803004789010797)
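
A simplified model of how slapd picks the effective access for the ACL quoted in this message (first matching `access to`, then first matching `by`), as an added example that is not part of the original post and not OpenLDAP code. The DNs `cn=radius,o=domain` and `uid=alice,o=domain` are hypothetical, and `dn=` is assumed to be an exact match.

```python
# Simplified model of slapd ACL evaluation; added example, not OpenLDAP code.
# The ACL from the post: (attribute or "*", ordered list of (who, level)).
POSTED_ACL = [
    ("userPassword", [("dn=cn=admin,o=domain", "read"),
                      ("self", "read"),
                      ("anonymous", "auth"),
                      ("*", "none")]),
    ("*", [("*", "read")]),
]

# Variant asked about in the post, using a hypothetical radius entry DN.
RADIUS_DN = "cn=radius,o=domain"   # assumption: this DN is not from the post
WITH_RADIUS_READ = [
    ("userPassword", [("dn=" + RADIUS_DN, "read")] + POSTED_ACL[0][1]),
    POSTED_ACL[1],
]

def norm(dn):
    # Crude DN normalisation: case-fold and drop spaces around commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def who_matches(who, bound_dn, target_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn is None
    if bound_dn is None:
        return False
    if who == "self":
        return norm(bound_dn) == norm(target_dn)
    if who.startswith("dn="):
        return norm(bound_dn) == norm(who[3:])   # assumption: exact match
    raise ValueError("unsupported <who>: " + who)

def effective_access(acl, bound_dn, target_dn, attr):
    """First matching 'access to', then first matching 'by'; default none."""
    for what, by_clauses in acl:
        if what != "*" and what.lower() != attr.lower():
            continue
        for who, level in by_clauses:
            if who_matches(who, bound_dn, target_dn):
                return level
        return "none"   # implicit trailing "by * none"
    return "none"

if __name__ == "__main__":
    alice = "uid=alice,o=domain"   # constructed sample entry
    for who in (None, alice, RADIUS_DN):
        print(who, [effective_access(a, who, alice, "userPassword")
                    for a in (POSTED_ACL, WITH_RADIUS_READ)])
```

Under the posted ACL an authenticated radius identity gets `none` on userPassword, less than the `auth` an anonymous bind attempt gets. With the extra `read` clause that one account can read every entry's stored password value.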