secondary authentication server

Carl Rigney
Mon, 28 Apr 1997 18:37:09 -0700 (PDT)

rick@erienet.net asks:
> we would like to copy the /etc/passwd and /etc/shadow files from the
> primary server at regular intervals to a location other than /etc on
> the secondary server and have radius authenticate with these files
> instead of the standard /etc/passwd and /etc/shadow files.

Just edit unix_pass() in radiusd.c to fetch the user from the copied
shadow file rather than running getpwnam() and getspnam().

The way I'd do it is to create a DBM file with usernames as keys and
the encrypted passwords from the shadow file as contents, then have
unix_pass do a dbm_fetch of the password. A simple shell or PERL script
can easily convert the shadow file into DBM format.

(If you don't want to mess with DBM you could also read the shadow file
line by line looking for the user, or cache the whole thing in memory and
refresh it when you stat the shadow file and see it's changed.)

--
Carl Rigney
cdr@livingston.com
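
The line-by-line option from the reply above, as an added example that is not part of the original message and not Livingston's radiusd code. The names `shadow_copy_lookup` and `write_sample` are hypothetical, and the owner-only permission check is an assumption added here because the copy lives outside /etc; the caller would still compare crypt() output against the returned hash, as with a getspnam() result.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Hypothetical helper: returns 0 with the hash in out, or -1 if the copy is
 * unsafe, the user is absent, or the account is locked ('!' or '*'). */
int shadow_copy_lookup(const char *path, const char *user, char *out, size_t outlen)
{
    char line[1024], *hash;
    struct stat st;
    size_t ulen = strlen(user);
    int fd, rc = -1;
    FILE *fp;
    if (ulen == 0 || strpbrk(user, ":\n")) return -1; /* one field only */
    if ((fd = open(path, O_RDONLY | O_NOFOLLOW)) < 0) return -1;
    /* The copy holds hashes: require a regular file closed to group/other. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        (st.st_mode & (S_IRWXG | S_IRWXO)) || !(fp = fdopen(fd, "r"))) {
        close(fd);
        return -1;
    }
    while (fgets(line, sizeof line, fp)) {
        if (strncmp(line, user, ulen) != 0 || line[ulen] != ':')
            continue;                   /* exact field match, not a prefix */
        hash = line + ulen + 1;
        hash[strcspn(hash, ":\n")] = '\0';
        if (*hash && *hash != '!' && *hash != '*' && strlen(hash) < outlen) {
            strcpy(out, hash);
            rc = 0;
        }
        break;
    }
    fclose(fp);
    return rc;
}

/* Demo helper: writes a constructed two-entry sample copy with the given mode. */
int write_sample(const char *path, mode_t mode)
{
    static const char data[] =          /* constructed, not real hashes */
        "alice:$1$bbbbbbbb$constructedhashALICE:10000:0:99999:7:::\n"
        "locked:!$1$cccccccc$constructedhashLOCKED:10000:0:99999:7:::\n";
    int fd, ok;
    if ((fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0) return -1;
    ok = dprintf(fd, "%s", data) > 0 && fchmod(fd, mode) == 0;
    return (close(fd) == 0 && ok) ? 0 : -1;
}
```

The job that copies the files from the primary should create the copy with mode 0600 before writing to it, otherwise this lookup rejects it.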