Re: Using Mgetty And freeRadius
Ilguiz Latypov <[EMAIL PROTECTED]> wrote: > My /etc/pam.d/login shows indirect use of /etc/pam.d/system-auth which in > turn will call /lib/security/pam_unix with the "shadow" parameter. The > latter will verify the hash of user password against /etc/shadow. > > It seems you want to pass user name and password to a RADIUS server. http://www.freeradius.org/related/ There's a PAM to RADIUS authentication module. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Using Mgetty And freeRadius
On Sun, Aug 04, 2002 at 04:30:21AM -0400, Ilguiz Latypov wrote: > I think the mgetty program only handles indications of incoming calls by > accessing serial port. Once the CONNECT or CARRIER string is found, > mgetty will fork and execute /bin/login which will inherit the serial port > file handle as its stdin/stdout. I'm not sure if we can discuss mgetty in the freeradius-users list, but just to correct your answer I will say that mgetty can recognize different types of the calls like voice, fax, so called AutoPPP, FIDO, UUCP (with prefix in username) and "normal" terminal emulation (character based call). Mgetty then "dispatch" appropriate handler, one of them is /bin/login. So if there is pppd for Linux which can talk to (free)RADIUS it could be possible to have mgetty to differentiate call type and if it detects AutoPPP it can then dispatch RADIUS "enabled" pppd. Portslave is the "real solution", but we all know that already :-). Milan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Using Mgetty And freeRadius
Bikrant, On Sun, 4 Aug 2002, Bikrant Neupane wrote: > Now, I want to authenticate dialin users against the > freeradius while still using mgetty to receive the > incoming calls. I think the mgetty program only handles indications of incoming calls by accessing serial port. Once the CONNECT or CARRIER string is found, mgetty will fork and execute /bin/login which will inherit the serial port file handle as its stdin/stdout. I believe it is /bin/login that outputs user name and password prompts and reads user input. If your /bin/login is linked against libpam (type ldd /bin/login to find out), then /etc/pam.d/login contains the names of dynamically loaded PAM modules that get invoked through /bin/login's calls to libpam functions. My /etc/pam.d/login shows indirect use of /etc/pam.d/system-auth which in turn will call /lib/security/pam_unix with the "shadow" parameter. The latter will verify the hash of user password against /etc/shadow. It seems you want to pass user name and password to a RADIUS server. There is software that glues serial input/output with RADIUS interaction. I was told portslave can do that. I guess such direct coupling allows for better control over services that can be started on serial port. I.e. the RADIUS server can send a text of menu to display, and initiate different authentication methods based on user answer. I understand there is another approach where RADIUS server is used strictly for user authentication. It is sufficient to encapsulate the RADIUS protocol into a pluggable authentication module. This technique would line up well with other authentication PAMs and will have a clear scope of action. I think that pam_radius pluggable authentication module can be found in FreeRADIUS repository. I wonder if it is possible to put pam_radius into the password line in /etc/pam.d/login instead of (or in addition to) the indirect invokation of pam_unix. I had no personal experience though. Ilguiz - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Using Mgetty And freeRadius
Hi, I'm using mgetty for my Red Hat Linux 7.2 dialin server. This server is connected to internet via eth0 and have one modem connected to ttyS1 for dial-in. I've properly installed the freeradius and it is working fine with the test tool, radtest, that came along with the freeradius. Now, I want to authenticate dialin users against the freeradius while still using mgetty to receive the incoming calls. Is it possible to do so? or am i just wasting my time?...please help Thank you very much, Bikrant Neupane Kathmandu, Nepal __ Do You Yahoo!? Yahoo! Health - Feel better, live better http://health.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html