The Unixpasswd module verifies passwords using the Unix password database.
If your host system supports getting shadow passwords using the standard
getpw*() interface, this module also supports them. The same goes for
Crypt-style MD5 passwords and NIS/NIS+.
Usage:
The module is to be run from OpenRADIUS using an interface definition
like this:
The 'Ascii' and 'Short-Attr' flags are required for any interface that
uses this module.
The module only uses the 'str' and 'User-Password' attributes from requests
sent to it; the sendattr ACL is specified for efficiency only.
Options:
The following command line options are provided:
  -d    Output debugging messages on standard error (fd 2, which can
        be redirected by OpenRADIUS using '-o').
Operation:
The module uses the last 'str' attribute as the username and the last
'User-Password' attribute as the plaintext password. It returns one instance of
'int', with value 1 if the credentials could be matched to the password
database and 0 otherwise.
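The decision described above, as an added example (not the module's own code):
the module relies on the host's getpw*() and crypt(3), while this sketch
reimplements Crypt-style MD5 so it runs offline. SAMPLE_DB, check() and
md5_crypt() are names assumed here, and failing closed on empty or locked
password fields is this example's choice.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# Constructed sample database (username -> password field); not real accounts.
SAMPLE_DB = {"alice": "$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.",  # "password"
             "locked": "!$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.",
             "nopass": "", "daemon": "*"}

def md5_crypt(password: bytes, salt: bytes) -> str:
    """Crypt-style MD5 ($1$) hash; salt is at most 8 bytes."""
    alt = hashlib.md5(password + salt + password).digest()
    ctx = password + b"$1$" + salt
    for left in range(len(password), 0, -16):
        ctx += alt[:min(16, left)]
    n = len(password)
    while n:
        ctx += b"\0" if n & 1 else password[:1]
        n >>= 1
    final = hashlib.md5(ctx).digest()
    for i in range(1000):  # fixed 1000-round stretching loop
        block = password if i & 1 else final
        if i % 3:
            block += salt
        if i % 7:
            block += password
        block += final if i & 1 else password
        final = hashlib.md5(block).digest()
    out = ""
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        v = final[a] << 16 | final[b] << 8 | final[c]
        out += "".join(ITOA64[(v >> s) & 0x3F] for s in (0, 6, 12, 18))
    out += ITOA64[final[11] & 0x3F] + ITOA64[final[11] >> 6]
    return "$1$" + salt.decode() + "$" + out

def check(pairs, db=SAMPLE_DB) -> int:
    """pairs: (attribute, value) tuples in request order. Returns 1 or 0."""
    user = password = None
    for attr, value in pairs:  # the last instance of each attribute wins
        if attr == "str":
            user = value
        elif attr == "User-Password":
            password = value
    stored = db.get(user)
    if password is None or not stored or not stored.startswith("$1$"):
        return 0  # unknown user, empty or locked field, or another scheme
    salt = stored.split("$")[2][:8]
    computed = md5_crypt(password.encode(), salt.encode())
    return int(hmac.compare_digest(computed.encode(), stored.encode()))
```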
TODO: cache the database of usernames and crypt(3)'ed passwords in a hash and
refresh it when signalled or after a configurable period. Possibly make this
optional via a -c switch; some people may have fast getpwnam() implementations
or want immediately updated passwords anyway. I would like to see some reports
that it indeed *is* slow first, though.
Distribution:
This standard module is included with the server and installed by default.