(RADIATOR) Radiator not honoring shadow attributes

Hugh Irvine hugh at open.com.au
Wed Nov 6 09:27:33 CST 2002 

Hello Mike -

You should probably use an AuthBy SYSTEM instead.

regards

Hugh


On Wednesday, November 6, 2002, at 03:54 AM, Mike Saunders wrote:

> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Tuesday, November 05, 2002 10:21 AM
> To: Mike Saunders
> Cc: radiator at open.com.au
> Subject: Re: (RADIATOR) Radiator not honoring shadow attributes
>
>
> Hello Mike -
>
> What exactly are you referring to as shadow attributes?
>
> regards
>
> Hugh
>
> Account is "unlocked" and works fine
> test123:Changed:11996::99999::::136461764
>
> Account is "locked" or expired.
> test123:Changed:11996::99999:::11995:136461764
>
> Notice the 11995.  It's the number of days since the UNIX epoch.  That
> entry puts the expiration on the account at November 4th, 2002.  So
> today the account *should not* be able to dial up.  However it still 
> is.
> This is from man 5 shadow on this box:
>
> SHADOW(5)                                               SHADOW(5)
>
> NAME
>        shadow - encrypted password file
>
> DESCRIPTION
>        shadow  contains  the  encrypted  password information for
>        user's accounts and optional the password  aging  informa-
>        tion.  Included is
>
>             Login name
>
>             Encrypted password
>
>             Days since Jan 1, 1970 that password was last changed
>
>             Days before password may be changed
>
>             Days after which password must be changed
>
>             Days before password is to expire that user is warned
>
>             Days after password expires that account is disabled
>
>             Days since Jan 1, 1970 that account is disabled
>
>             A reserved field
>
> So, radiator isn't honoring the shadow account disabled field.  Any
> ideas on how to make it do this, or do we need to use a different Auth
> mechanism?
>
> -Mike Saunders
>
> Mike Saunders
> Systems Administration
> Magic Internet Services, Inc.
> (701) 838-1265
> (701) 857-0238 (voicemail)
> msaunders at minot.com
> http://www.minot.com
>
>
>
>

NB: I am travelling this week, so there may be delays in our 
correspondence.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list