
Patched radius 2.01 available ...



Hello all,

I have upgraded my set of patches to the Livingston RADIUS 2.01, and added
some new features too. In short, my patches include support for:
	- multiple sessions limits (LOGINS check item)
	- max monthly time limits (MAXTIME check item)
	- time periods logins limits (Time check item)
	- support for shadow passwords aging (EXPIRE="SHADOW" check item)
	- support for MD5 encrypted passwords (both in system's passwd
	  files and in users file)
	- support for Pluggable Authentication Modules on Linux

As some of you know, these features were present in older releases I did
for radius 2.0. Now they are patching fine against 2.01 source code, which
you will have to get separately from Livingston site.

I have added two simple perl scripts to have some examples how to work
with the internal data structures used by my patches, so you can build
your own CGI scripts for online tracking, etc.

Please send me updates, comments, ideas, etc. If you build some CGI
scripts and you would like to have them distributed with this release,
please send them along.

You can get the patches from http://sysadm.sorosis.ro/devl/radius

I have attached a copy of the UPDATES file to this message for those
interested to read more before proceeding. About the same information is
available on the www page mentioned above.

Best wishes and good luck,

		Cristian Gafton
--
--------------------------------------------------------------------
Cristian Gafton                                    gafton@sorosis.ro
Computers & Communications Center              Network Administrator
http://sysadm.sorosis.ro/devel                         Iasi, Romania
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
UNIX is user friendly. It's just selective about who its friends are.


UPDATES readme for the Livingston RADIUSD 2.01
==============================================
	Cristian Gafton <gafton@sorosis.ro>

NOTE:
	If you want to have the following features working reliably on your
	system, run the radiusd server in single-thread mode (radiusd -s).

REQUIREMENTS:
	- GNU make (sorry, folks...)
	- GNU dbm  (aka gdbm)
	- an ANSI C compiler (gcc is your friend)

CHANGES TO THE NORMAL MODE OF OPERATION:
	- the default accounting directory is now /var/log/radius instead of
	  /usr/adm/radacct. Please make note of this and don't bug me on this
	  subject. You can change this in several ways:
		- using radiusd -a </your/acct/dir>
		- modify src/radius.h and recompile
		- make the necessary links on your system.
	- radiusd now is writing one radlast log file per month (automatically
	  created). Detail files are named now detail-NN, where NN is the
	  month number.
	- PARANOIA: all sources cleaned up. Now they compile cleanly with gcc and
	  the following flags:
		-D_POSIX_SOURCE -Wall -Wwrite-strings \
		-Wpointer-arith -Wcast-qual -Wcast-align \
		-Wtraditional -Wstrict-prototypes -Wmissing-prototypes \
		-Wnested-externs -Winline -Wshadow -pedantic
	- The code is now full of prototypes for all functions contained in the
	  source files. This means "Sorry if you don't have an ANSI compiler."

ADDITIONS:
	- added support for limiting the online time of some users during the
	  peak hours. Added a new program called radwatch. This program is
	  intended to be run often from crontab, and used in conjunction with
	  a pm_kill program. See RADWATCH file for details.
	- added support for /etc/raddb/denyuser file. This file contains one
	  username per line. For users listed here the authentication will be 
	  denied regardless of any other settings. You can use @group instead
	  of a username to get this restriction automatically applied to all
	  members of some group (talking about UNIX user group here...)
	- a new program, 'radlist' is provided for querying the user-stats
	  database maintained by the radius server. See 'radlist -h' for more.
	- radiusd is logging with LOG_NOTICE failed authentications and their
	  reasons. (thanks to Tim Moloney <moloney@netsrq.com>)
	- radlast command provided for keeping track of the PMs usage. The
	  database used to store the information is located by default in
	  /var/log/radius/radlast (defined in radius.h). Note that this database 
	  is _not_ compatible with the standard UNIX last program. See
	  'radlast -h' for more.
	- MD5 encrypted passwords support (both in passwd file and/or users
	  file)
	- you can specify now Expire="SHADOW" as a check item to use the expiry 
	  information from the shadow file on shadowed systems (useable also on
	  DEFAULT entries)
	- added MAXTIME=integer check item to specify the max number of monthly
	  hours a user may use the system.
	- added the LOGINS=integer check item for users file. You can limit the 
	  max number of concurrent logins with this parameter. This should
	  work reliably now (if you use gdbm and single threaded mode...)
	- added support for PAM on systems which can use it. It is enabled
	  by default on Linux_2.0 and commented out for Linux_1.2. See the
	  PAM-INFO file for more details.
	- added a Time=string check-item to limit the time frame a user is
	  allowed to log in. The format consists of day specifiers
	  followed by hour intervals, multiple values separated by commas.
	  Day specifiers are Mo, Tu, We, Th, Fr, Sa, Su and Wk meaning Mo-Fr
	  and Al meaning all of them. Hour intervals are specified as
	  HHMM-HHMM (hours_minutes). Thus, valid entries are:
		Time = "MoTuWe0800-1400,Wk2200-0400"
		Time = "Al1800-0600,Wk1000-1330"
	  ... you get the idea. PLEASE DON'T USE SPACES in the string. The
	  parser is brain dead already. :-)

BUGS FIXED:
	- fixed a bug which on some systems resulted in radiusd not seeing the
	  changes in /etc/shadow and/or /etc/passwd files. (thanks: Ray Rocker)
	  (Solution: play hard with set(pw/sp)ent() and end(pw/sp)ent()
	  functions).

THINGS YOU NEED TO KNOW:
	- radiusd is not clearing the user_stats database when restarted, thus
	  there is a possibility of hung logins and inconsistency with the real
	  situation. There is a command line switch to enable clearing the
	  user-stats database upon startup. See 'radiusd -h' for more. (For
	  those with limited imagination, it is the '-c' flag :-)


Report bugs to Cristian Gafton <gafton@sorosis.ro>
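
The Time check-item format described in the UPDATES file, as an added example (not code from the patch set or from Livingston): a strict C parser that returns an error for any malformed string, so a caller can deny the login instead of guessing. The function names, the 0=Monday day numbering, the exclusive end minute, and matching the day specifier against the current day on both sides of a midnight wrap are assumptions of this example.

```c
#include <ctype.h>
#include <string.h>

/* Day bitmask (assumed layout): bit 0 = Monday ... bit 6 = Sunday. */
static int day_mask(const char *s)
{
    static const char *names[] = {"Mo", "Tu", "We", "Th", "Fr", "Sa", "Su"};
    int i;
    for (i = 0; i < 7; i++)
        if (strncmp(s, names[i], 2) == 0) return 1 << i;
    if (strncmp(s, "Wk", 2) == 0) return 0x1f;   /* Mo-Fr */
    if (strncmp(s, "Al", 2) == 0) return 0x7f;   /* all seven days */
    return 0;
}

/* Parse HHMM at s into minutes since midnight; -1 if malformed. */
static int hhmm(const char *s)
{
    int i, h, m;
    for (i = 0; i < 4; i++)                      /* stops at NUL: no overread */
        if (!isdigit((unsigned char)s[i])) return -1;
    h = (s[0] - '0') * 10 + (s[1] - '0');
    m = (s[2] - '0') * 10 + (s[3] - '0');
    return (h < 24 && m < 60) ? h * 60 + m : -1;
}

/* Returns 1 if (wday, minute) falls in any window, 0 if in none,
   -1 if spec is malformed (spaces included). wday: 0=Monday..6=Sunday.
   Assumption: a window whose end precedes its start wraps past midnight,
   and the day specifier is checked against the current day. */
int time_allowed(const char *spec, int wday, int minute)
{
    int allowed = 0;
    for (;;) {
        int days = 0, m, start, end;
        while ((m = day_mask(spec)) != 0) { days |= m; spec += 2; }
        if (days == 0) return -1;                /* empty or unknown day */
        start = hhmm(spec);
        if (start < 0 || spec[4] != '-') return -1;
        end = hhmm(spec + 5);
        if (end < 0) return -1;
        spec += 9;                               /* skip HHMM-HHMM */
        if ((days & (1 << wday)) &&
            (start <= end ? (minute >= start && minute < end)
                          : (minute >= start || minute < end)))
            allowed = 1;
        if (*spec == '\0') return allowed;
        if (*spec++ != ',') return -1;           /* only commas separate */
    }
}
```

A caller enforcing the check item should treat both 0 and -1 as a rejection, which keeps a typo in the users file from silently opening the account at all hours.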


