How about a password in the users file with an expiration date that's
already past? This would be a kludge, but should block access, right?
In a previous message William Bulley said:
>
> According to owner-portmaster-users@livingston.com:
> >
> > What if you add an entry in the users file before the DEFAULT entry for
> > djoe with some bogus password. Doesn't the radius code search the users
> > files sequentially for the first match. This way djoe wouldn't be able
> > to connect because he wouldn't have to correct password. Maybe entries
> > for root and such should also be added to the users files if you use the
> > DEFAULT mechanism.
>
> The Merit RADIUS version has since its inception prohibited the user
> with UID == 0 (i.e., root) from authenticating using the /etc/passwd
> file.
>
> > It would be nice if there was a keyword for the users password that
> > meant that there was no access.
>
> The Merit RADIUS version has defined a Prohibit check-item (attribute
> value 1028) for some time (twelve months?) for just this purpose.
>
> Regards,
>
> web...
>
> --
> William Bulley, N8NXN Senior Systems Research Programmer
> Merit Network Inc. Domain: web@merit.edu
> 4251 Plymouth Road MaBell: (313) 764-9993
> Ann Arbor, Michigan 48105-2785 Fax: (313) 747-3185
-----------------------+---------------------------------------------------
Charles "Chip" Yamasaki| The opinions expressed here are my own and are not
chip@osh3.OSHA.GOV | supported or even generally accepted by OSHA. :-)
-----------------------+---------------------------------------------------