Re: Radius Question

William Bulley (web@merit.edu)
Sat, 4 Nov 1995 14:46:40 -0500 (EST)

According to Dave Andersen:
>
> Couple of ways. Someone suggested using the Merit version of radius,
> which is pretty easy to do. The other way is to hack the radiusd.. there
> are good and bad ways to do this. The easy way is to modify the
> unix_pass(name, passwd) function in radiusd.c to return -1 if the user's
> shell is set to a nologin type shell. This will make the portmaster not
> believe that the user is a real user -- pretty good, as far as an email
> only account is concerned.

The Merit version is easy in another way, too. (Thanks, Dave!)

The Merit version checks the system's /etc/shells file for requests
which are authenticated using the /etc/passwd file. If the user's
entry in /etc/passwd has a shell entry (like /bin/false) which is
not in the /etc/shells file, the Merit server will fail to authenticate
this user. You may have /bin/false as the user's shell for some
users whom you don't want to actually log onto your UNIX box.

Regards,

web....

-- 
William Bulley, N8NXN              Senior Systems Research Programmer
Merit Network Inc.                 Domain: web@merit.edu
4251 Plymouth Road                 MaBell: (313) 764-9993
Ann Arbor, Michigan  48105-2785    Fax:    (313) 747-3185
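
The /etc/shells check described in the message above, as an added example that is not part of the original post and is not the Merit or Livingston source. The function names and the sample passwd and shells data are constructed for illustration; the -1 return follows the convention mentioned in the quoted text.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data, in /etc/shells and /etc/passwd format. */
static const char SHELLS[] =
    "# /etc/shells: valid login shells\n"
    "/bin/sh\n"
    "/bin/csh\n"
    "\n"
    "/bin/ksh\n";
static const char MAILONLY[] = "mailonly:*:1001:100:Mail only:/home/mailonly:/bin/false";
static const char NORMAL[]   = "dave:*:1002:100:Dave:/home/dave:/bin/csh";

/* Return 1 if `shell` (length `len`) is a whole line of the shells text.
   Only lines starting with '/' count, so comments and blanks never match. */
static int shell_is_listed(const char *shells, const char *shell, size_t len)
{
    const char *p = shells;
    while (*p) {
        size_t n = strcspn(p, "\n");
        if (n == len && p[0] == '/' && strncmp(p, shell, len) == 0)
            return 1;
        p += n;
        if (*p == '\n') p++;
    }
    return 0;
}

/* Hypothetical helper: 0 if the account may authenticate, -1 to reject. */
int check_login_shell(const char *passwd_line, const char *shells)
{
    const char *shell = passwd_line;
    int colons = 0;
    for (const char *p = passwd_line; *p; p++)
        if (*p == ':' && ++colons <= 6)
            shell = p + 1;          /* ends up at the 7th field */
    if (colons < 6)
        return -1;                  /* malformed entry: fail closed */
    size_t len = strcspn(shell, "\n");
    if (len == 0) { shell = "/bin/sh"; len = 7; }  /* empty field means /bin/sh */
    return shell_is_listed(shells, shell, len) ? 0 : -1;
}

int main(void)
{
    printf("mailonly: %d\n", check_login_shell(MAILONLY, SHELLS));
    printf("dave:     %d\n", check_login_shell(NORMAL, SHELLS));
    return 0;
}
```

The comparison is against whole lines, so a shell that is only a prefix of a listed one is rejected, and an entry with too few fields is rejected rather than treated as having a default shell.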