Patched radius 2.01 available ...
- From: Cristian Gafton <gafton sorosis ro>
- To: Portmaster Users <portmaster-users livingston com>
- Cc: PAM List <pam-list redhat com>
- Subject: Patched radius 2.01 available ...
- Date: Wed, 23 Jul 1997 16:01:35 +0300 (EET DST)
I have upgraded my set of patches to the Livingston RADIUS 2.01, and added
some new features too. In short, my patches include support for:
- multiple sessions limits (LOGINS check item)
- max monthly time limits (MAXTIME check item)
- time periods logins limits (Time check item)
- support for shadow passwords aging (EXPIRE="SHADOW" check item)
- support for MD5 encrypted passwords (both in system's passwd
files and in users file)
- support for Pluggable Authentication Modules on Linux
As some of you know, these features were present in older releases I did
for radius 2.0. Now they are patching fine against 2.01 source code, which
you will have to get separately from Livingston site.
I have added two simple perl scripts to have some examples how to work
with the internal data structures used by my patches, so you can build
your own CGI scripts for online tracking, etc.
Please send me updates, comments, ideas, etc. If you build some CGI
scripts and you would like to have them distributed with this release,
please send them along.
You can get the patches from http://sysadm.sorosis.ro/devl/radius
I have attached a copy of the UPDATES file to this message for those
interested to read more before proceeding. About the same information is
available on the www page mentioned above.
Best wishes and good luck,
Cristian Gafton firstname.lastname@example.org
Computers & Communications Center Network Administrator
http://sysadm.sorosis.ro/devel Iasi, Romania
UNIX is user friendly. It's just selective about who its friends are.
UPDATES readme for the Livingston RADIUSD 2.01
Cristian Gafton <email@example.com>
If you want to have the following features working reliably on your
system, run the radiusd server in single-thread mode (radiusd -s).
- GNU make (sorry, folks...)
- GNU dbm (aka gdbm)
- an ANSI C compiler (gcc is your friend)
CHANGES TO THE NORMAL MODE OF OPERATION:
- the default accounting directory is now /var/log/radius instead of
/usr/adm/radacct. Please make note of this and don't bug me on this
subject. You can change this in several ways:
- using radiusd -a </your/acct/dir>
- modify src/radius.h and recompile
- make the necessary links on your system.
- radiusd now is writing one radlast log file per month (automatically
created). Detail files are named now detail-NN, where NN is the
- PARANOIA: all sources cleaned up. Now they compile cleanly with gcc and
the following flags:
-D_POSIX_SOURCE -Wall -Wwrite-strings \
-Wpointer-arith -Wcast-qual -Wcast-align \
-Wtraditional -Wstrict-prototypes -Wmissing-prototypes \
-Wnested-externs -Winline -Wshadow -pedantic
- The code is now full of prototypes for all functions contained in the
source files. This means "Sorry if you don't have an ANSI compiler."
- added support for limiting the online time of some users during the
peak hours. Added a new program called radwatch. This program is
intended to be run often from crontab, and used in conjunction with
a pm_kill program. See RADWATCH file for details.
- added support for /etc/raddb/denyuser file. This file contains one
username per line. For users listed here the authentication will be
denied regardless of any other settings. You can use @group instead
of a username to get this restriction automatically applied to all
members of some group (talking about UNIX user group here...)
- a new program, 'radlist' is provided for querying the user-stats
database maintained by the radius server. See 'radlist -h' for more.
- radiusd is logging with LOG_NOTICE failed authentications and their
reasons. (thanks to Tim Moloney <firstname.lastname@example.org>)
- radlast command provided for keeping track of the PMs usage. The
database used to store the information is located by default in
/var/log/radius/radlast (defined in radius.h). Note that this database
is _not_ compatible with the standard UNIX last program. See
'radlast -h' for more.
- MD5 encrypted passwords support (both in passwd file and/or users
- you can specify now Expire="SHADOW" as a check item to use the expiry
information from the shadow file on shadowed systems (useable also on
- added MAXTIME=integer check item to specify the max number of monthly
hours a user may use the system.
- added the LOGINS=integer check item for users file. You can limit the
max number of concurrent logins with this parameter. This should
work reliably now (if you use gdbm and single threaded mode...)
- added support for PAM on systems which can use it. It is enabled
by default on Linux_2.0 and commented out for Linux_1.2. See the
PAM-INFO file for more details.
- added a Time=string check-item to limit the time frame a user is
allowed to log in. The format consists of day specifiers
followed by hour intervals, multiple values separated by commas.
Day specifiers are Mo, Tu, We, Th, Fr, Sa, Su and Wk meaning Mo-Fr
and Al meaning all of them. Hours intervals are specified as
HHMM-HHMM (hours_minutes). Thus, valid entries are:
Time = "MoTuWe0800-1400,Wk2200-0400"
Time = "Al1800-0600,Wk1000-1330"
... you get the idea. PLEASE DON'T USE SPACES in the string. The
parser is brain dead already. :-)
- fixed a bug which on some systems resulted in radiusd not seeing the
changes in /etc/shadow and/or /etc/passwd files. (thanks: Ray Rocker)
(Solution: play hard with set(pw/sp)ent() and end(pw/sp)ent())
THINGS YOU NEED TO KNOW:
- radiusd is not clearing the user_stats database when restarted, thus
there is a possibility of hung logins and inconsistency with the real
situation. There is a command line switch to enable clearing the
user-stats database upon startup. See 'radiusd -h' for more. (For
those with limited imagination, it is the '-c' flag :-)
Report bugs to Cristian Gafton <email@example.com>
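
The Time check-item format described in the UPDATES file above, as an added example that is not code from the patch set: a strict C parser that decides whether a login at a given weekday and minute falls inside a Time string and fails closed on malformed input such as embedded spaces. The function names are hypothetical, and it assumes that an interval whose end is earlier than its start (e.g. 2200-0400) wraps past midnight, with the day specifiers naming the day on which it starts.

```c
#include <ctype.h>
#include <string.h>

/* Day bitmask, bit 0 = Mo ... bit 6 = Su; 0 if p does not start a day specifier. */
static int day_mask(const char *p)
{
    static const char *const names[] = {"Mo", "Tu", "We", "Th", "Fr", "Sa", "Su"};
    int i;
    if (!strncmp(p, "Wk", 2)) return 0x1f;  /* Mo-Fr */
    if (!strncmp(p, "Al", 2)) return 0x7f;  /* all days */
    for (i = 0; i < 7; i++)
        if (!strncmp(p, names[i], 2)) return 1 << i;
    return 0;
}

/* Exactly four digits HHMM -> minutes since midnight, or -1. */
static int hhmm(const char *p)
{
    int i, h, m;
    for (i = 0; i < 4; i++)
        if (!isdigit((unsigned char)p[i])) return -1;  /* also stops at NUL */
    h = (p[0] - '0') * 10 + (p[1] - '0');
    m = (p[2] - '0') * 10 + (p[3] - '0');
    return (h > 23 || m > 59) ? -1 : h * 60 + m;
}

/* 1 = allowed, 0 = not allowed, -1 = malformed (caller should deny).
 * wday: 0 = Monday ... 6 = Sunday; minute: minutes since midnight.
 * Assumption: an interval with end < start wraps past midnight and its
 * day specifiers name the day on which it starts. */
int time_allowed(const char *spec, int wday, int minute)
{
    int allowed = 0;
    if (!*spec || wday < 0 || wday > 6 || minute < 0 || minute > 1439) return -1;
    while (*spec) {
        int mask = 0, m, s, e, today, yesterday;
        while ((m = day_mask(spec)) != 0) { mask |= m; spec += 2; }
        if (!mask || (s = hhmm(spec)) < 0 || spec[4] != '-' ||
            (e = hhmm(spec + 5)) < 0) return -1;
        spec += 9;
        today = (mask >> wday) & 1;
        yesterday = (mask >> ((wday + 6) % 7)) & 1;
        if (s <= e ? (today && minute >= s && minute < e)
                   : ((today && minute >= s) || (yesterday && minute < e)))
            allowed = 1;
        if (*spec == ',' ? !*++spec : *spec != '\0') return -1;
    }
    return allowed;
}
```

A caller enforcing the restriction should treat both 0 and -1 as a denial, so that a mistyped Time string cannot silently grant access.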