
4.4 RADIUS module

The RADIUS module acts only as a user validation mechanism. The official Livingston radiusd 2.0 is supported, but to take advantage of all the information and auth tokens the RADIUS server can provide, a session PAM module should be written and stacked over pam_unix.

The following should be taken into consideration when writing applications to authenticate to a RADIUS server:

Entries supported by this database are set according to the definitions in the /etc/raddb/dictionary file. Three entries have a special meaning when calling the RADIUS functions: user, passwd and pass_phrase. The passwd and pass_phrase entries are wiped by the RADIUS functions as soon as the module can dispose of them. The response from the RADIUS server is processed and entries are set in the pwdb structure according to the names in the dictionary file.

A sample RADIUS dictionary entry list is provided here - valid for Livingston RADIUSD 2.0:


#---------------------------------------------------------------------------
#
# @(#)dictionary        1.3 10/1/96  Copyright 1991 Livingston Enterprises Inc
#
#---------------------------------------------------------------------------
#
#       This file contains dictionary translations for parsing
#       requests and generating responses.  All transactions are
#       composed of Attribute/Value Pairs.  The value of each attribute
#       is specified as one of 4 data types.  Valid data types are:
#
#       string - 0-253 octets
#       ipaddr - 4 octets in network byte order
#       integer - 32 bit value in big endian order (high byte first)
#       date - 32 bit value in big endian order - seconds since
#                                       00:00:00 GMT,  Jan.  1,  1970
#

ATTRIBUTE       User-Name               1       string
ATTRIBUTE       Password                2       string
ATTRIBUTE       CHAP-Password           3       string
ATTRIBUTE       NAS-IP-Address          4       ipaddr
ATTRIBUTE       NAS-Port                5       integer
ATTRIBUTE       Service-Type            6       integer
ATTRIBUTE       Framed-Protocol         7       integer
ATTRIBUTE       Framed-IP-Address       8       ipaddr
ATTRIBUTE       Framed-IP-Netmask       9       ipaddr
ATTRIBUTE       Framed-Routing          10      integer
ATTRIBUTE       Filter-Id               11      string
ATTRIBUTE       Framed-MTU              12      integer
ATTRIBUTE       Framed-Compression      13      integer
ATTRIBUTE       Login-IP-Host           14      ipaddr
ATTRIBUTE       Login-Service           15      integer
ATTRIBUTE       Login-TCP-Port          16      integer
ATTRIBUTE       Reply-Message           18      string
ATTRIBUTE       Callback-Number         19      string
ATTRIBUTE       Callback-Id             20      string
ATTRIBUTE       Framed-Route            22      string
ATTRIBUTE       Framed-IPX-Network      23      ipaddr
ATTRIBUTE       State                   24      string
ATTRIBUTE       Session-Timeout         27      integer
ATTRIBUTE       Idle-Timeout            28      integer
ATTRIBUTE       Termination-Action      29      integer
ATTRIBUTE       Called-Station-Id       30      string
ATTRIBUTE       Calling-Station-Id      31      string
ATTRIBUTE       Acct-Status-Type        40      integer
ATTRIBUTE       Acct-Delay-Time         41      integer
ATTRIBUTE       Acct-Input-Octets       42      integer
ATTRIBUTE       Acct-Output-Octets      43      integer
ATTRIBUTE       Acct-Session-Id         44      string
ATTRIBUTE       Acct-Authentic          45      integer
ATTRIBUTE       Acct-Session-Time       46      integer
ATTRIBUTE       Acct-Terminate-Cause    49      integer
ATTRIBUTE       NAS-Port-Type           61      integer
ATTRIBUTE       Port-Limit              62      integer
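
The following C example is added here and is not taken from pwdb or radiusd. It loads dictionary lines in the format shown above and uses them to name the attributes in a server reply, rejecting any reply whose attribute lengths are inconsistent. The struct and function names and the sample bytes are assumptions of the example; the one-octet type, one-octet length attribute layout comes from the RADIUS protocol rather than from this page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct attr  { char name[32]; char type[8]; };              /* hypothetical: one dictionary line */
struct entry { const struct attr *def; const uint8_t *val; size_t len; };  /* one decoded value */

/* Constructed input: dictionary lines from above, and one reply's attribute bytes. */
static const char DICT[] = "# comment\nATTRIBUTE User-Name 1 string\n"
    "ATTRIBUTE Framed-IP-Address 8 ipaddr\nATTRIBUTE Reply-Message 18 string\n"
    "ATTRIBUTE Session-Timeout 27 integer\n";
static const uint8_t REPLY[] = { 18,4,'h','i',  27,6,0,0,0x0e,0x10,  8,6,10,0,0,7 };

/* Index "ATTRIBUTE name code type" lines by code; returns entries loaded. */
int load_dict(const char *text, struct attr t[256]) {
    struct attr a = {{0}, {0}};
    int n = 0, code;
    memset(t, 0, 256 * sizeof *t);
    for (const char *p = text; p && *p; p = strchr(p, '\n'), p = p ? p + 1 : p) {
        if (sscanf(p, "ATTRIBUTE %31s %d %7s", a.name, &code, a.type) != 3 || code < 1 || code > 255)
            continue;                                       /* comment, blank or malformed line */
        t[code] = a;
        n++;
    }
    return n;
}

/* Big-endian 32-bit value, as the dictionary header specifies for integer and date. */
uint32_t be32(const uint8_t *v) {
    return (uint32_t)v[0] << 24 | (uint32_t)v[1] << 16 | (uint32_t)v[2] << 8 | v[3];
}

/* Walk type/length/value attributes, keeping those the dictionary names.
 * Returns entries stored, or -1 on an inconsistent length or a full array. */
int decode_avps(const uint8_t *b, size_t len, const struct attr t[256], struct entry *e, int max) {
    int n = 0;
    for (size_t i = 0; i < len; i += b[i + 1]) {
        if (len - i < 2 || b[i + 1] < 2 || (size_t)b[i + 1] > len - i) return -1;
        const struct attr *a = &t[b[i]];
        size_t vl = b[i + 1] - 2u;                          /* length octet counts the 2-byte header */
        if (!a->name[0]) continue;                          /* code not in dictionary: skip */
        if (strcmp(a->type, "string") != 0 && vl != 4) return -1;   /* fixed-width types */
        if (n == max) return -1;
        e[n++] = (struct entry){ a, b + i + 2, vl };
    }
    return n;
}
```

The decoded values point into the reply buffer and are server-controlled bytes, so string values are not NUL-terminated and should be copied with their stored length.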

