Re: Radius Question

mulligan@future.incog.com
Sat, 04 Nov 1995 09:04:56 -0700

Josh wrote:
> Done it, working, so far. Except for the unfortunate users who had a
> different Livingston account name than e-mail account name. Now then,
> how do I go about preventing people with extra e-mail accounts from using
> those accounts for PPP as well? In other words say user bjoe has an
> extra e-mail only account djoe (they connect as bjoe and connect to the
> pop server as djoe), how do I prevent them from connecting with PPP as djoe
> as both bjoe and djoe are in my /etc/passwd file?

What if you add an entry in the users file before the DEFAULT entry for
djoe with some bogus password. Doesn't the radius code search the users
files sequentially for the first match? This way djoe wouldn't be able
to connect because he wouldn't have the correct password. Maybe entries
for root and such should also be added to the users files if you use the
DEFAULT mechanism.

It would be nice if there was a keyword for the user's password that
meant that there was no access.

Seems as though there are two modes:

Only allow connections from those users that are specifically listed in
the USERS files. All others in the PASSWORD file do not have access
by default.

OR

Allow connections from any user listed in the PASSWORD file, except
those specifically listed in the USERS file.

geoff
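
Added example, not part of the original message: a small audit that models the first-match lookup the reply supposes and lists which /etc/passwd accounts would still be authenticated through the DEFAULT entry. The simplified entry layout, the `Password = "UNIX"` DEFAULT line, and all account names and passwords other than bjoe and djoe are constructed assumptions.

```python
import re

# Constructed sample data; the users-file layout is simplified for illustration.
USERS_FILE = """\
# explicit dial-up account
bjoe    Password = "constructed-pw"
        Framed-Protocol = PPP
# mail-only and system accounts blocked with a placeholder nobody knows
djoe    Password = "BOGUS-PLACEHOLDER"
root    Password = "BOGUS-PLACEHOLDER"
DEFAULT Password = "UNIX"
        Framed-Protocol = PPP
"""

PASSWD_FILE = """\
root:x:0:0:root:/root:/bin/sh
bjoe:x:1001:100:B Joe:/home/bjoe:/bin/sh
djoe:x:1002:100:mail only:/home/djoe:/bin/false
daemon:x:1:1:daemon:/:/bin/false
alice:x:1003:100:Alice:/home/alice:/bin/sh
"""

ENTRY = re.compile(r'^(\S+)\s+Password\s*=\s*"([^"]*)"')

def parse_users(text):
    """Return [(name, password_value)] in file order; indented lines are attributes."""
    entries = []
    for line in text.splitlines():
        if not line or line[0] in "# \t":
            continue  # blank line, comment, or attribute continuation
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def first_match(entries, user):
    """Assumed lookup rule: first entry named after the user, or DEFAULT, wins."""
    for name, pw in entries:
        if name == user or name == "DEFAULT":
            return name, pw
    return None  # no entry and no DEFAULT: the user is rejected

def default_exposure(users_text, passwd_text):
    """passwd accounts whose first match is DEFAULT (system password accepted)."""
    entries = parse_users(users_text)
    names = [l.split(":")[0] for l in passwd_text.splitlines() if l]
    return [n for n in names if (first_match(entries, n) or ("", ""))[0] == "DEFAULT"]
```

Under the assumed rule, blocking entries placed after DEFAULT are never reached, so the audit reports every passwd account in that case.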