Date: Thu, 25 Feb 1999 09:17:16 +0000 ( )
From: "Victor M. Mondragon A." <mdragon@vera.net>
To: Chris Shenton <cshenton@uucom.com>
Cc: GVB <gvbmail@tns.net>, freebsd-net@FreeBSD.ORG
Subject: Re: RADIUS Solutions [synchronizing passwords across systems]
Message-ID: <Pine.LNX.4.02.9902250828370.35945-100000@mail.vera.net>
In-Reply-To: <86lnhnu83x.fsf@samizdat.uucom.com>

> GVB <gvbmail@tns.net> writes:
>
> > I will be running two FreeBSD machines for Radius Authentication.
> > Both using Meritt AAA and /etc/passwd for authentication. What is
> > the best way to synchronize passwd files between the two systems
> > immediately (or 5 minute increments) upon user adds and password
> > changes, etc. NIS? rsync? etc..

Our solution is simple and works very fast:

I wrote a simple inetd service ([getpw.c] available from _me_
by mail request ~4K sources), which uses the getpwnam(2) function
and a custom database #include <db.h>

Add the following line to /etc/services:

    getpw 1111/tcp #network authentication

And this one goes in /etc/inetd.conf:

    getpw stream tcp nowait root /usr/libexec/tcpd /usr/sbin/getpw

Now try it using telnet:

    # kill -HUP your_inetd_process_number
    # telnet your.host 1111
    user987 <-- type the username
    user987:525:radius:101:Bj95X221nM:FFAAFFF8766Ag <-- you'll get this

So this means user987 has uid=525 on group=radius gid=101
encrypted_passwd=Bj95X221nM
comment=FFAAFFF8766A

We use the comment field as a 'text/hex structure' for the access
privileges for each user, i.e.: what WWW pages are allowed, access
phone lines, modem use credit, use the fax-mail, is he/she a
group/dept leader, etc.

This service can be accessed from C, perl and even shell scripts,
so it may be easy to adapt to a radius authenticator (have you
seen the one developed in perl, I know it is in the CPAN as well
as many other radius stuff)

---------------------------------------------------------------------------
Victor Manuel Mondragon mdragon@vera.net
---------------------------------------------------------------------------
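
A client of the reply format shown in the message has to treat the returned line as untrusted network input. The C parser below is an added example, not the getpw.c mentioned in the message; the function and struct names and the buffer sizes are assumptions, and the sample line is the one quoted in the mail.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

struct getpw_entry {   /* buffer sizes are assumptions, not from the mail */
    char name[33], group[33], hash[65], comment[65];
    unsigned long uid, gid;
};

/* Copy one field into a fixed buffer; reject empty or oversized values. */
static int copy_field(char *dst, size_t cap, const char *src) {
    size_t n = strlen(src);
    if (n == 0 || n >= cap) return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

/* Parse a decimal id; reject signs, spaces, overflow and trailing junk. */
static int parse_id(const char *s, unsigned long *out) {
    char *end;
    errno = 0;
    *out = strtoul(s, &end, 10);
    return (*s < '0' || *s > '9' || errno || *end != '\0') ? -1 : 0;
}

/* 0 on success; -1 unless `line` is six valid fields for user `want`. */
int parse_getpw_reply(const char *line, const char *want, struct getpw_entry *e) {
    char buf[256], *f[6], *p;
    size_t n = strlen(line), i = 0;
    if (n >= sizeof buf) return -1;
    memcpy(buf, line, n + 1);
    buf[strcspn(buf, "\r\n")] = '\0';      /* drop the line ending */
    for (p = buf; ; p++) {                  /* split on ':' in place */
        if (i == 6) return -1;              /* more than six fields */
        f[i++] = p;
        if ((p = strchr(p, ':')) == NULL) break;
        *p = '\0';
    }
    if (i != 6 || copy_field(e->name, sizeof e->name, f[0]) ||
        parse_id(f[1], &e->uid) || copy_field(e->group, sizeof e->group, f[2]) ||
        parse_id(f[3], &e->gid) || copy_field(e->hash, sizeof e->hash, f[4]) ||
        copy_field(e->comment, sizeof e->comment, f[5])) return -1;
    return strcmp(e->name, want) ? -1 : 0;  /* reply must match the request */
}

int main(void) {
    struct getpw_entry e;  /* sample reply copied from the mail above */
    const char *reply = "user987:525:radius:101:Bj95X221nM:FFAAFFF8766Ag\n";
    return parse_getpw_reply(reply, "user987", &e) ? 1 : 0;
}
```

The inetd.conf line in the message starts the service through tcpd, so /etc/hosts.allow can limit which hosts are able to query it; the reply itself carries the password hash in cleartext.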
