(RADIATOR) AuthType Problem
usman tahir
ukhant at apollo.net.pk
Thu Aug 2 16:23:08 CDT 2001
Hi Hugh
thanx for your help , i have a couple of questions though ..
> This is very easy to do by chaining two AuthBy clauses, like this:
>
> # define Authby clauses
>
> <AuthBy UNIX>
> Identifier CheckPassword
> Filename /etc/shadow
> </AuthBy>
>
> <AuthBy SQL>
> Identifier CheckSQL
> .....
> </AuthBy>
>
> # define Realms or Handlers
>
> <Handler .....>
> AuthByPolicy ContinueWhileAccept
> AuthBy CheckSQL
> AuthBy CheckPassword
> .....
> </Handler>
correct me if i am wrong but wont this check mysql database for
authentication and if that doesnt authenticate it will check shadow file ?
if that is the case it wont do what iam trying to acheive , let me explain ,
i want to have a Radius system in which i have Mysql which contains a table
RADUSERS with fields , Username , Check Attribute , reply Attributes etc
"BUT" no password , now i cannot import passwords from shadow file due to
certain problems like having email password requirement of beind same , so
what i was thinking was that i have a following scenario if possible
1. Have a Authby Sql statement
2. When NAS sends the request , the usernames attributes are picked up from
RADUSERS and the password is picked up from shadow.
3. Reason why i want this whole thing is that AuthBy Mysql suits me just
fine , i can have accounting database , session database , billing becomes
easy as well , Reason why i dont use password in mysql is that iam yet to
find a way to get radmin to insert encrypted password into mysql , plus
there is always the issue of popper authetication because of which i will
have to maintain two sets of passwords , so is there any soloution to that ,
if what you wrote above will work will the request first go to SQL table
pick up attributes , and because it wont find password therefore it`ll go to
shadow ? i doubt that this a right assumtion on my part :)
what happens if i set a check or reply item called Auth-Type=System , i have
one extra field in RADUSERS which contains this check/reply item , will
radiator in that case get other attributes from RADUSERS and password from
shadow ? if so how can i construct such an Authselect clause
PS : Has anyone written a perl module that inetgrates into Radmin for
entering password in encrypted form in mysql ?
usman
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list