Date: Thu, 29 Jan 1998 11:23:08 -0500
From: "Troy Settle" <rewt@i-plus.net>
To: "Matt Baker" <matt@portal.net.au>, <freebsd-isp@FreeBSD.ORG>
Subject: Re: Need Unix/FreeBSD based accounting/billing software with Radius server and sql database
Message-ID: <00dc01bd2cd2$2fcf48f0$3a4318d0@abyss.b.nu>
From: Matt Baker <matt@portal.net.au>
>> My colleague has just put radius support into pppd, and I'm about to
>> review and commit it in the next couple of days. I'll also make it into
>> a package so people can test it/use it in 2.2.5+
>>
>> In the package I'll include ip-up/ip-down scripts, which you can use as
>> models. In these scripts you could put msql statements.
>
>Have you looked at also doing login.c as well?
>I'm at the moment using your pppkit package (works well!), which allows
>for users to connect in two possible ways:
>1. PAP login which is handled by pppd itself,
>2. and normal login, then kick off pppd.
>
>This second one is used by a few of our customers using Trumpet Winsock
>under Windows 3.1.
>

For that matter, what about finding some unused attributes in the radius
spec, and just hacking up the passwd lib (libc? libutil?) so that any
authentication/passwd access could be handled through radius? Kinda like
how we currently have support for NIS, kerberos, etc... A single line in
the passwd file could, in theory, direct any access to /etc/passwd to go to
a radius server for information.

Doing this, and getting it into the standard release, would allow us to set
up a single authentication scheme for all kinds of uses. Access servers,
pop servers, shell servers, ftp servers, etc... Then, when a client goes to
authenticate a user, it sends the username/password to the server, and gets
back the unix passwd entry. Overlay the local defaults on that, and presto!
The user is logged in to do whatever...

So, on the radius server, you would have a normal passwd file, where users
have a shell of say /usr/bin/false.

Then on a terminal server, you could have:

+radius:server key,server name:::default class:::::/usr/bin/pppd

On a shell server, you could have:

+radius:server key,server name:::default class:::::/usr/local/bin/tcsh

On a pop3 server, you could have:

+radius:server key,server name:::default class:::::

The possibilities are endless.

TTFN

--
Troy Settle <st@i-Plus.net>
Network Administrator, iPlus Internet Services
http://www.i-plus.net
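
The overlay step proposed in the message, sketched as an added example (not part of the original e-mail and not FreeBSD code): it reads the "+radius" line as a ten-field master.passwd record and lets non-empty local fields replace those of the entry returned by the server. The function names, the sample user jdoe, and the rule that the name and password fields are never taken from the local line are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* master.passwd order: name:passwd:uid:gid:class:change:expire:gecos:dir:shell */
enum { F_NAME, F_PASSWD, F_UID, F_GID, F_CLASS, F_CHANGE, F_EXPIRE,
       F_GECOS, F_DIR, F_SHELL, NFIELDS };

/* Split a line in place; reject anything that is not exactly NFIELDS fields. */
static int split_entry(char *line, char *f[NFIELDS])
{
    int n = 0;
    f[n++] = line;
    for (char *p = line; *p; p++) {
        if (*p != ':') continue;
        if (n == NFIELDS) return -1;
        *p = '\0';
        f[n++] = p + 1;
    }
    return n == NFIELDS ? 0 : -1;
}

/* Merge the server's entry with the local "+radius" line and copy out one field.
 * Assumed rule: a non-empty local field wins, except name and passwd, which
 * locally hold the marker and the server key and must never reach the result. */
int effective_field(const char *remote, const char *local, int field,
                    char *buf, size_t len)
{
    char r[256], l[256], *rf[NFIELDS], *lf[NFIELDS];
    if (field < 0 || field >= NFIELDS) return -1;
    if (strlen(remote) >= sizeof r || strlen(local) >= sizeof l) return -1;
    strcpy(r, remote);
    strcpy(l, local);
    if (split_entry(r, rf) || split_entry(l, lf)) return -1;
    if (strcmp(lf[F_NAME], "+radius") != 0) return -1;
    const char *v = (field > F_PASSWD && lf[field][0]) ? lf[field] : rf[field];
    if (strlen(v) >= len) return -1;
    strcpy(buf, v);
    return 0;
}

int main(void)
{
    /* remote: constructed sample entry; local: terminal-server line from the message */
    const char *remote = "jdoe:*:1001:1001::0:0:J Doe:/home/jdoe:/usr/bin/false";
    const char *local = "+radius:server key,server name:::default class:::::/usr/bin/pppd";
    char shell[64];
    if (effective_field(remote, local, F_SHELL, shell, sizeof shell) == 0)
        printf("jdoe logs in with shell %s\n", shell);
    return 0;
}
```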