Re: userPassword ACL for radius account
Scott Walker wrote:
| Hi all,
| I need to allow my radius server's local radius userid access to
| everyone's passwd in the directory for dial-up authentication.

If your radius server *really* needs to have read access to the
userPassword it is broken - you may want to investigate other radius
servers which aren't broken ...

| The
| radius account is not in the directory.
|
| Would something simple in the first acl like: by dn="radius" read work?

Well, assuming that it is a valid dn, and has a userpassword attribute/
|
| # ACL
| access to attr=userPassword
|     by dn="cn=admin,o=domain" read
|     by self read
|     by anonymous auth
|     by * none
|
| access to *
|     by * read
|
Regards,
Buchan
--
Buchan Milne Senior Support Technician
Obsidian Systems http://www.obsidian.co.za
B.Eng RHCE (803004789010797)
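
Added example, not part of the original message and not OpenLDAP code: a simplified Python model of how slapd picks the first matching `by` clause, applied to the userPassword rule quoted above. `cn=radius,o=domain` and `uid=alice,o=domain` are hypothetical names, and `dn="..."` is assumed to be compared as an exact DN.

```python
# Simplified model (not slapd code): the "by" clauses of one "access to" rule
# are tried top to bottom and the first <who> that matches decides the level.
# Assumption: dn="..." is compared as an exact, case-insensitive DN.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

def norm(dn):
    return ",".join(part.strip().lower() for part in dn.split(","))

def who_matches(who, bound_dn, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":          # client has not bound as any DN
        return bound_dn is None
    if bound_dn is None:
        return False
    if who == "self":               # client is bound as the entry being accessed
        return norm(bound_dn) == norm(entry_dn)
    if who.startswith("dn="):
        return norm(who[3:].strip('"')) == norm(bound_dn)
    raise ValueError("unsupported <who>: " + who)

def granted(by_clauses, bound_dn, entry_dn):
    for who, level in by_clauses:
        if who_matches(who, bound_dn, entry_dn):
            return level
    return "none"                   # slapd appends an implicit "by * none"

def can(by_clauses, bound_dn, entry_dn, wanted):
    have = granted(by_clauses, bound_dn, entry_dn)
    return LEVELS.index(have) >= LEVELS.index(wanted)

# The userPassword rule from the post.
POSTED = [('dn="cn=admin,o=domain"', "read"), ("self", "read"),
          ("anonymous", "auth"), ("*", "none")]
RADIUS = "cn=radius,o=domain"       # hypothetical service entry
USER = "uid=alice,o=domain"         # constructed sample entry
RADIUS_CLAUSE = ('dn="%s"' % RADIUS, "read")

BEFORE_DENY = POSTED[:3] + [RADIUS_CLAUSE] + POSTED[3:]
AFTER_DENY = POSTED + [RADIUS_CLAUSE]   # never reached: "by * none" matches first

if __name__ == "__main__":
    for name, acl, who in [("no entry, anonymous", POSTED, None),
                           ("bound, clause before deny", BEFORE_DENY, RADIUS),
                           ("bound, clause after deny", AFTER_DENY, RADIUS)]:
        print(name, "->", granted(acl, who, USER))
```

An account with no entry in the directory cannot bind as a DN, so in this model it is treated as anonymous and gets only `auth`, which lets slapd check a bind against the value without disclosing it.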