From owner-freebsd-isp  Mon Jan 24 22:10:48 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from spooky.eis.net.au (spooky.eis.net.au [203.12.171.2])
	by hub.freebsd.org (Postfix) with ESMTP id 7280D15382
	for <freebsd-isp@freebsd.org>; Mon, 24 Jan 2000 22:10:45 -0800 (PST)
	(envelope-from ernie@spooky.eis.net.au)
Received: (from ernie@localhost) by spooky.eis.net.au (8.9.3/8.8.3) id QAA61480 for freebsd-isp@freebsd.org; Tue, 25 Jan 2000 16:10:43 +1000 (EST)
From: Ernie Elu <ernie@spooky.eis.net.au>
Message-Id: <200001250610.QAA61480@spooky.eis.net.au>
Subject: Centralized authentication with radius
To: freebsd-isp@freebsd.org
Date: Tue, 25 Jan 2000 16:10:42 +1000 (EST)
X-Mailer: ELM [version 2.4ME+ PL40 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I am in the process of trying to move our user authentication from using the
FreeBSD /etc/passwd file to radius driveing an SQL database (possibly
ICRADIUS or cistron).

At the moment we have in the radius users file:

DEFAULT Auth-Type = System


This is because other services currently authenticate from the system
passwords, specifically:


Apache for the public_html directory access for each user
ie: http://x.y.com/~user

Cucipop for reading pop mail (Can't remember why, might be quotas)

proftpd for user to upload their pages to public_html directories but stay 
"sandboxed" so they don't peek at other directories.

radiusd for terminal server authentication.


My question is can either PAM, NIS, or some other technique be used to make 
the above daemons authenicate from a central radius server?

- Ernie.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message