Not quite sure what you mean...
> I have several projects which don't need shells but do need PPP and
> passwords. Took me a few minutes head scratching to work out
> why none of them could dial in after we recently adopted Merit.
Duh? I must be tired or missing something...
> Maybe a configurable UID range which will get authenticated regardless
> of shell? Or a configurable set of GID's? Or if the name begins with
> X and there's an R in the month?
This is the first time I've heard of this one. Maybe you are talking
about what I like to refer to as "administrative groups" (think along
the lines of UNIX groups) or a way of grouping people, is this what
you mean?
> I'd prefer not to involve yet more dictionary words and 'users' file
> exceptions.
Since we don't (yet) have "administrative groups" in Merit RADIUS, why
not put these "several projects" (assuming several == few) into a FILE
type "realm" file (i.e., users file)? You don't have to use realms,
even! Just use the NULL realm entry in the authfile and set your PPP
projects aside into a users-style file called ppp.users like this:
in the authfile:
NULL FILE ppp <optional.project.wide.filter.name>
I'm trying to come up with reasons why it might be nice to have a way
to group users "administratively" -- you know, students, management,
staff, sales, VIPs, etc... Seems like a useful concept, yes?
But maybe I've missed your point altogether...
Regards,
web...
-- William Bulley, N8NXN Senior Systems Research Programmer Merit Network Inc. Domain: web@merit.edu 4251 Plymouth Road MaBell: (313) 764-9993 Ann Arbor, Michigan 48105-2785 Fax: (313) 747-3185