Ascend Archive

Re: (ASCEND) alternative to /etc/passwd



> I looked through the code (livingston/Ascend radius) and it uses
> getpwnam which on Linux/BSD/Solaris at least is hardcoded to /etc/passwd
> (unless there is some header file somewhere I don't know about).
> 
> You could write your own version of getpwnam to take a second character
> string of a password file location and then replace getpwnam in the
> source code.

If you're going to do that, you may find the function fgetpwent useful
for this purpose.

But basically that's the problem, in summary - the reason radiusd won't
easily read another file is that it is designed to work with the UNIX
users of the system on which it is run, whether they be stored in
/etc/passwd, NIS+, or some other system specific way.

> nsswitch.conf is for NIS/NIS+ which I don't think would do what you are
> trying to do here.  

Actually you could write your own user database to be used instead of
either the "files" or "nisplus" or whatever backend in nsswitch.conf. But
not only does that seem to be overkill, but it's probably not what you're
trying to achieve here (use a separate set of users for RADIUS and UNIX).

The intent, as has been pointed out previously in this thread, is that if
you want a separate set of users, you're going to do it by including the
users right in the raddb/users file.

(If you're worried about a messy file, you can easily autogenerate it from
some kind of source file, written in, say, the m4 macro processor).

But there is another way. It requires a lot of work and I don't expect
anyone to do this, but since it's the way it should be done in an ideal
world (IMHO at least), I'm going to mention it.

- Have radiusd use PAM (Pluggable Authentication Modules) to authenticate
users instead of directly reading the user/password info and comparing it
against what the user supplied.

- Configure the PAM service to use a special authentication method, and
use that method for radiusd only. This is easy to do in /etc/pam.conf

-Phil
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>
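
The approach discussed in this message, a getpwnam-style lookup that takes a password file location and is built on fgetpwent, shown as an added example; it is not code from the post or from the Livingston/Ascend radiusd source. The names file_getpw_hash, write_sample and radius_passwd.sample are hypothetical, the sample entries are constructed, and glibc on Linux is assumed.

```c
#define _DEFAULT_SOURCE 1 /* glibc: expose fgetpwent() */
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical helper: copy the password field of `name` from the
 * passwd(5)-format file `path` into `hash`. Returns 0 on success, else -1. */
int file_getpw_hash(const char *path, const char *name, char *hash, size_t len)
{
    struct stat st;
    struct passwd *pw = NULL;
    int rc = -1;
    FILE *fp = fopen(path, "r");
    if (fp == NULL)
        return -1;
    /* Check the open descriptor, not the path; refuse non-regular files
     * and files that group or others can write. */
    if (fstat(fileno(fp), &st) == 0 && S_ISREG(st.st_mode) &&
        !(st.st_mode & (S_IWGRP | S_IWOTH))) {
        while ((pw = fgetpwent(fp)) != NULL && strcmp(pw->pw_name, name) != 0)
            ;
        /* fgetpwent() returns static storage: copy out, fail rather than truncate. */
        if (pw != NULL && strlen(pw->pw_passwd) < len) {
            strcpy(hash, pw->pw_passwd);
            rc = 0;
        }
    }
    fclose(fp);
    return rc;
}

/* Write a constructed two-user sample file, then set its mode. */
int write_sample(const char *path, mode_t mode)
{
    FILE *fp = fopen(path, "w");
    if (fp == NULL)
        return -1;
    fputs("alice:$1$constructed$hashA:5001:5001::/nonexistent:/bin/false\n"
          "bob:$1$constructed$hashB:5002:5002::/nonexistent:/bin/false\n", fp);
    return fclose(fp) != 0 ? -1 : chmod(path, mode);
}
int main(void)
{
    char h[64];
    return write_sample("radius_passwd.sample", 0600) ||
           file_getpw_hash("radius_passwd.sample", "bob", h, sizeof h) ||
           printf("bob -> %s\n", h) < 0;
}
```

Because the users in such a file exist only for RADIUS, the lookup never touches the system accounts that getpwnam would resolve through /etc/passwd or NIS+.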

