(PM) Re: multiple hosts sharing single portmaster..

Steven P. Crain (scrain@shore.net)
Tue, 4 Nov 1997 11:22:57 -0500 (EST)

On Wed, 29 Oct 1997, Samudra E Haque wrote:

> We have 5 unix hosts on our local network. Currently we have
> 2 pm-2e's which use a designated unix host as the radius server.
>
> Users are distributed unevenly across four of the five hosts and the
> number of hosts is likely to increase with time. However each user is
> usually assigned only ONE host as their home machine.
>
> Would it be possible, and please "how?" - to have users on these
> two portmasters be authenticated by the designated radius server,
> but the password lookup be done against their individual host
> computer systems. I do not want users to have accounts on the
> designated radius server, yet I want them to have the ability
> to telnet into their respective hosts to manually change their
> passwords.

There are many ways to do this. You will have to expend some energy
figuring it out. One way is to use a RADIUS proxy server like Merit
RADIUS (www.merit.edu). Each person's RADIUS entry would include which
host to redirect them to. You then run RADIUS on all hosts, but point the
PM at the proxy.

The other way is to have passwords for the users in the RADIUS database,
and provide a utility for them to change their password from their host.
radpass was such a utility in Liv RADIUS 1.16, but I found it required
some work to compile correctly under newer OSs. (It declares arrays
aligned for characters, but tries to cast them to ints and assign to them.
This results in a SIGBUS signal and a core dump. You have to change the
offending code to use memcpy.)

----------------------------------------------------------------------------
Steven P. Crain scrain@shore.net http://www.shore.net/~scrain
Shore.Net Unix Development and Administration
An ISP with Excellence in the Greater Boston Area.
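
The alignment problem mentioned in the message above, shown as an added example that is not part of the original post and is not radpass source code: the 4-byte value of an integer attribute in a RADIUS packet starts 22 bytes into the buffer, so an int store through a cast pointer is misaligned, while memcpy is safe. The function names and the sample attribute value are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <arpa/inet.h>

#define RAD_HDR_LEN 20  /* code(1) + id(1) + length(2) + authenticator(16) */

/* Unsafe pattern (kept as a comment so it is never executed):
 *     *(uint32_t *)(pkt + off + 2) = htonl(value);
 * pkt is a char array with 1-byte alignment and off + 2 is rarely a
 * multiple of 4, so strict-alignment CPUs raise SIGBUS on the store.
 */

/* Append a 6-byte integer attribute (type, length, 4-byte value) at off.
 * Returns the new offset, or 0 if the attribute does not fit. */
size_t rad_put_int(unsigned char *pkt, size_t cap, size_t off,
                   uint8_t type, uint32_t value)
{
    uint32_t net = htonl(value);            /* RADIUS integers are big-endian */
    if (off > cap || cap - off < 6)
        return 0;
    pkt[off] = type;
    pkt[off + 1] = 6;                       /* attribute length incl. header */
    memcpy(pkt + off + 2, &net, sizeof net); /* byte copy, no alignment need */
    return off + 6;
}

/* Read back the value of the integer attribute starting at off.
 * Returns 0 on success, -1 if the attribute is truncated or not 6 bytes. */
int rad_get_int(const unsigned char *pkt, size_t len, size_t off, uint32_t *out)
{
    uint32_t net;
    if (off > len || len - off < 6 || pkt[off + 1] != 6)
        return -1;
    memcpy(&net, pkt + off + 2, sizeof net);
    *out = ntohl(net);
    return 0;
}

int main(void)
{
    unsigned char pkt[64] = {0};            /* constructed, zeroed packet */
    uint32_t v = 0;
    /* Attribute type 5 is NAS-Port; 1812 is a constructed sample value. */
    size_t end = rad_put_int(pkt, sizeof pkt, RAD_HDR_LEN, 5, 1812);
    return (end == 26 && rad_get_int(pkt, end, RAD_HDR_LEN, &v) == 0
            && v == 1812) ? 0 : 1;
}
```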
