Module interface
   Packet handling


   Using VSAs
   Installing on OSX

Mailing list...


Other software...

OpenRADIUS Unixpasswd module

The Unixpasswd module verifies passwords using the Unix password database. If your host system supports getting shadow passwords using the standard getpw*() interface, this module also supports them. The same goes for Crypt-style MD5 passwords and NIS/NIS+.
The module is to be run from OpenRADIUS using an interface definition like this:
interface(name = "...",
	  prog = "unixpasswd [options]",
	  flags = Ascii + Short-Attr, 
	  sendattr = "str",
	  sendattr = "User-Password",

The 'Ascii' and 'Short-Attr' flags are required for any interface that uses this module.

The module only uses the 'str' and 'User-Password' attributes from requests sent to it; the sendattr ACL is specified for efficiency only.

The following command line options are provided:

Output debugging messages on standard error (fd 2, which can be redirected by OpenRADIUS using '-o').
The module uses the last 'str' attribute as the username and the last 'User-Password' attribute as the plaintext password. It returns one instance of 'int', with value 1 if the credentials could be matched to the password database and 0 otherwise.

TODO: cache the database of usernames and crypt(3)'ed passwords in a hash and refresh it when signalled or after a configurable period. Possibly optional using -c switch; some people may have fast getpwname() implementations or want immediately updated passwords anyway. I would like to see some reports that it indeed *is* slow first, though.

This standard module is included with the server and installed by default.

Generated on Sat Jul 2 01:18:04 2011 by /