Can we add the SELinux policy for the db and (when it exists) the tids user writing to the db to the packaging? That would be good.
Rhys.
--
Dr Rhys Smith
Identity, Access, and Middleware Specialist
Cardiff University & Janet, the UK's research and education network
email: [log in to unmask] / [log in to unmask]
GPG: 0x4638C985
On 27 Jun 2014, at 17:15, Stefan Paetow <[log in to unmask]> wrote:
> Please also be aware that if you run SELinux in Enforcing mode (like some organisations do), you will need a SELinux policy to allow FR to read the database. I have a policy file for this from Diamond (where we just traced this).
>
> I suspect that another policy will be needed to allow the TIDS user to write to the database. I don't have the policy file for that yet.
>
> Stefan
>
> ________________________________________
> From: Moonshot community list [[log in to unmask]] on behalf of Mark Donnelly [[log in to unmask]]
> Sent: 26 June 2014 18:15
> To: [log in to unmask]
> Subject: Re: psk_keys
>
> Kristof:
>
>> But I think freeradius also needs to access the database (could someone
>> explain it, please?)
>
> When some remote RADIUS system needs to authenticate a user who claims
> to be part of this identity provider's realm, that remote system has to
> obtain the credentials into this identity provider that allow it to
> submit the RADIUS request. The database is a conduit for the
> credentials; the Trust Router system generates them (in the form of the
> Temporary IDentity Server) and FreeRADIUS consumes them. The Trust
> Router systems deliver a copy of the credentials back to the remote
> RADIUS system, which then uses them to access the Identity Provider's
> FreeRADIUS system to ask about the user.
>
> Cheers,
> --Mark