Bikrant,

On Sun, 4 Aug 2002, Bikrant Neupane wrote:

> Now, I want to authenticate dialin users against the
> freeradius while still using mgetty to receive the
> incoming calls.

I think the mgetty program only handles indications of incoming calls by
accessing the serial port.  Once the CONNECT or CARRIER string is found,
mgetty will fork and execute /bin/login which will inherit the serial port
file handle as its stdin/stdout.

I believe it is /bin/login that outputs user name and password prompts and 
reads user input.  If your /bin/login is linked against libpam (type ldd 
/bin/login to find out), then /etc/pam.d/login contains the names of 
dynamically loaded PAM modules that get invoked through /bin/login's calls 
to libpam functions.

My /etc/pam.d/login shows indirect use of /etc/pam.d/system-auth which in
turn will call /lib/security/pam_unix with the "shadow" parameter.  The
latter will verify the hash of the user's password against /etc/shadow.

It seems you want to pass the user name and password to a RADIUS server.
There is software that glues serial input/output with RADIUS interaction.
I was told portslave can do that.  I guess such direct coupling allows for
better control over services that can be started on the serial port.  I.e. the
RADIUS server can send the text of a menu to display, and initiate different
authentication methods based on the user's answer.

I understand there is another approach where the RADIUS server is used
strictly for user authentication.  It is sufficient to encapsulate the
RADIUS protocol into a pluggable authentication module.  This technique
would line up well with other authentication PAMs and will have a clear
scope of action.

I think that the pam_radius pluggable authentication module can be found in
the FreeRADIUS repository.  I wonder if it is possible to put pam_radius into
the password line in /etc/pam.d/login instead of (or in addition to) the
indirect invocation of pam_unix.  I had no personal experience though.

Ilguiz


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
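
The indirection described in the message above (login, then system-auth, then pam_unix) can be listed mechanically before changing any auth line. The following is an added example, not part of the original message or of any project's code: it assumes the indirection is written as pam_stack.so service=NAME, include/substack, or @include, and the sample files in demo() are constructed.

```python
import os
import re
import tempfile

# type, control (plain word or [bracketed]), module, optional arguments
LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def auth_stack(service, pam_dir="/etc/pam.d", _parents=()):
    """Return [(service, control, module, args)] for auth lines, following indirection."""
    if service in _parents:            # guard against include loops
        return []
    parents = _parents + (service,)
    found = []
    with open(os.path.join(pam_dir, service)) as fh:
        for raw in fh:
            line = raw.split("#", 1)[0].strip()
            if line.startswith("@include "):         # whole-file include
                found += auth_stack(line.split()[1], pam_dir, parents)
                continue
            m = LINE.match(line)
            if not m or m.group(1) != "auth":
                continue
            control, module, args = m.group(2), m.group(3), m.group(4)
            stacked = re.search(r"\bservice=(\S+)", args)
            if control in ("include", "substack"):
                found += auth_stack(module, pam_dir, parents)
            elif os.path.basename(module).startswith("pam_stack") and stacked:
                found += auth_stack(stacked.group(1), pam_dir, parents)
            else:
                found.append((service, control, os.path.basename(module), args))
    return found

def demo():
    """Build a constructed /etc/pam.d lookalike and resolve the login service."""
    samples = {
        "login": "#%PAM-1.0\n"
                 "auth     required /lib/security/pam_securetty.so\n"
                 "auth     required /lib/security/pam_stack.so service=system-auth\n"
                 "account  required /lib/security/pam_stack.so service=system-auth\n",
        "system-auth": "auth sufficient /lib/security/pam_unix.so likeauth nullok shadow\n"
                       "auth required   /lib/security/pam_deny.so\n",
    }
    with tempfile.TemporaryDirectory() as d:
        for name, body in samples.items():
            with open(os.path.join(d, name), "w") as fh:
                fh.write(body)
        return auth_stack("login", d)

if __name__ == "__main__":
    for svc, control, module, args in demo():
        print(f"{svc:12} {control:11} {module:18} {args}")
```

Calling auth_stack("login") with the default directory reads the real /etc/pam.d, so the output shows exactly which modules would run before and after a pam_radius line is added.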
