Univention Bugzilla – Bug 56798
Use dedicated service account in univention-radius
Last modified: 2023-11-06 10:52:53 CET
We should switch from the machine account to a dedicated service account in the univention-radius auth helper (at least modules/univention/radius/networkaccess.py). Background: With Bug #56767 we want to disable access to password hashes for managed nodes. univention-radius needs access to the sambaNTPassword attribute for verification and currently does this with machine credentials. As we allow univention-radius on managed nodes, it will stop working if we implement the password hash attributes restriction for member servers.