RADIUS

by Jonathan Hassell
October 2002
Intermediate to advanced
206 pages
8h 30m
English
O'Reilly Media, Inc.
Content preview from RADIUS

Limitations of the Module

Of course, opening any sort of private system to the Web presents a smorgasbord of security concerns. Chapter 8 details the inherent problems and limitations of the RADIUS protocol; those limitations still apply when you use mod_auth_radius and should be considered.

First, using static passwords over the Web is not secure. The password from the end user to the web server is sent in plain text (“in the clear,” that is) and is open to sniffing by anyone with the proper tools. This problem is exacerbated when the RADIUS server exists on the same machine as the web server. RADIUS was not designed to be directly exposed, and with script kiddies and crackers roaming about, it’s a problem you simply don’t want to have.

Second, using the same server for Web and dial-up users isn’t the best idea, either. The problem lies in this: if the cracker manages to gain access to your web site using a sniffed password, he would have no trouble actually dialing up and gaining access to your system. He can pose as anyone and this becomes a serious threat to the integrity of your network. You might say that this seems almost a direct opposite to the benefits I was preaching about previously.

However, there are ways to work around these limitations:

  • Use Secure Sockets Layer (SSL) to protect the password.

  • If you must open the web server to the Internet, protect the site with a secure server certificate (https) and purchase an SSL certificate from one of the many providers. ...
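
A check for the SSL workaround above, added here as an example and not taken from the book: it scans an Apache configuration for containers where mod_auth_radius is switched on (`AuthRadiusActive On`) without TLS being enforced by `SSLRequireSSL` or by `SSLEngine on` in an enclosing container. The sample configuration, its paths and the placeholder secret are constructed, and the script assumes a single well-formed file (no `Include` or `.htaccess` handling).

```python
# Constructed sample httpd.conf fragment (not from the book); paths and secret are placeholders.
SAMPLE_CONF = """
AddRadiusAuth 127.0.0.1:1812 PLACEHOLDER_SECRET 5
<VirtualHost *:80>
  <Location /staff>
    AuthType Basic
    AuthRadiusActive On
    Require valid-user
  </Location>
</VirtualHost>
<VirtualHost *:443>
  <Location /admin>
    AuthType Basic
    AuthRadiusActive On
  </Location>
  SSLEngine on
</VirtualHost>
<Location /reports>
  SSLRequireSSL
  AuthRadiusActive On
</Location>
"""

def audit(conf):
    """Return the containers where RADIUS auth is active but TLS is not enforced."""
    root = {"tls": False, "open": []}          # server-level scope
    stack = [root]
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # blank line or comment
            continue
        words = line.lower().split()
        if line.startswith("</"):
            if len(stack) > 1:
                blk = stack.pop()
                if not blk["tls"]:             # still unprotected: let the parent decide
                    stack[-1]["open"] += blk["open"]
        elif line.startswith("<"):
            stack.append({"tls": False, "open": [], "label": line.strip("<>")})
        elif words == ["sslrequiressl"] or words == ["sslengine", "on"]:
            stack[-1]["tls"] = True            # this scope only answers over TLS
        elif words == ["authradiusactive", "on"]:
            stack[-1]["open"].append(stack[-1].get("label", "server config"))
    return [] if root["tls"] else root["open"]

if __name__ == "__main__":
    for where in audit(SAMPLE_CONF):
        print("RADIUS password would cross the wire in the clear:", where)
```

Findings are deferred until the enclosing container closes, so an `SSLEngine on` that appears after a nested `<Location>` still counts as protecting it.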

ISBN: 0596003226