Man Linux: Main Page and Category List

NAME

       radiusd_attributes - extended users attributes

DESCRIPTION

       This page describes the differences between YARD RADIUS syntax of users
       file and the ‘standard’ one of Livingston RADIUS Daemon 2.1. A complete
       description  of  the  syntax  of  that  file  is  not the scope of this
       document.

       The users text file contains security and configuration information for
       each  user.  The  first  field  is  the  user’s name and can be up to 8
       characters in length.  This is followed (on the  same  line)  with  the
       list  of  authentication  requirements for that user.  This can include
       password, comm server name, comm server port number, and an  expiration
       date  of  the  user’s  password.   When  an  authentication  request is
       received from the comm server, these values are tested.  Special  users
       named  "DEFAULT",  "DEFAULT2", "DEFAULT3" can be created (and should be
       placed at the end of the user file) to specify what to  do  with  users
       not contained in the user file.

       Indented  (with  the  tab  character)  lines  following  the first line
       indicate the configuration values to be passed back to the comm  server
       to  allow  the  initiation  of a user session.  This can include things
       like the PPP configuration values or the host to log the user onto.

       Again, a description of all attributes and values is not the  topic  of
       this  document. See NOTES section below for a complete reference about.

YARD RADIUS ATTRIBUTES

       YARD RADIUS uses some private non-protocol attributes  to  support  its
       specific features. They are integer or string attributes that you could
       set to manage in some ways user accesses:

       Yard-Simultaneous-Use:
              The maximum number of simultaneous logins for a  user.   It’s  a
              positive value.

       Yard-Time:
              It’s  a  list of the access times (week day(s) and hours) during
              which the user is authorized to login.  It is a  comma-separated
              list  of  items  such  as "Wk0800-1800,Sa0800-2400,Su0800-2400".
              Each  item  follows   a   syntax   like   "DDHHMM-HHMM",   where
              DD=Mo,Tu,We,Th,Fr,Sa,Su,Al,Wk  and  HHMM are the times of access
              in 4 characters form. ’Wk’ means all 5 weekdays (’Mo’-’Fr’)  and
              ’Al’ is the whole week.

       Yard-Max-Monthly-Time:
              The  maximum number of on-line hours the user can be on-line per
              month. It is a positive value.

       Yard-Max-Monthly-Traffic:
              The maximum number of Kbytes of traffic the  user  can  totalize
              per month. It is a positive value.

       Yard-Max-Daily-Time:

       Yard-Max-Daily-Traffic:

       Yard-Max-Yearly-Time:

       Yard-Max-Yearly-Traffic:
              At this point, all these attributes are obvious.

       Yard-Pam-Auth:
              This string is the name of the PAM authentication service to use
              instead of the default one, which is "yard".  This  is  used  to
              parse the pam.conf, or the pam.d directory to get the PAM module
              to use for auth/acct. You could prefer something like  "radius",
              for instance.

       YARD  RADIUS  extends  also the predefined values of the standard Auth-
       Type attribute, with the following ones:

       PAM    Use  PAM  authentication  module.  The  service  name  could  be
              specified  with  a  Yard-Pam-Auth  attribute  or  it implies the
              default one "yard".

       System Use system passwd file with or without shadowing. Shadow support
              should  be  enabled  when calling the ‘configure’ script only if
              your system requires the use of getspnam() in order to  get  the
              encrypted password. Not all systems that support shadow password
              have that function. If your system has a  transparent  shadowing
              support,  you do not need any specific enabling. Notably this is
              true for FreeBSD.

              If you like  so,  you  can  also  enable  ’shadow  expirations’.
              Systems  which  support  this  feature  must  have  a compatible
              getspnam() with an expiration field in the spwd structure.   So,
              enabling  this  feature  implies  enabling shadow support.  When
              shadow  expiration  is  enabled  you  can  require  system-based
              expirations   by  using  a  conventional  attribute  value  like
              Expiration="SHADOW".

       Safeword
              Not yet supported.

       Defender
              Not yet supported.

       But  for  the  above  attributes  and  values,  many  vendor   specific
       attributes  and values are parsed and legal for YARD RADIUS server. You
       can refer to the dictionary file for a complete list. Vendor attributes
       are useful only when the communication server is configured to send VSA
       mode requests. Some old communication servers could  be  unable  to  do
       this, and in that case you should modify manually the dictionary.

FILES

       /usr/conf/users
              This  file  contains  the  human readable information for users’
              accounting and authorization.

       /usr/conf/users.db
              The same of the previous one as compiled in by builddbm in  GDBM
              format.

       /usr/conf/dictionary
              This  read-only file contains the codes and formats for standard
              and vendor RADIUS protocol  attributes  and  values  along  with
              their  human  readable  representation. It is subject to change,
              due to new access server supports. It is a plain text file  with
              a pletora of comments in it.

       /usr/docs/rfc/rfc2138.txt
              Request  For  Comments  about Remote Authentication Dial In User
              Service (RADIUS).

       /usr/docs/rfc/rfc2139.txt
              Request For Comments about RADIUS Accounting.

SEE ALSO

       radiusd(8), RFC2138, RFC2139

AUTHOR

       Francesco Paolo Lovergine <francesco@yardradius.org>.

       A complete list of contributors is  contained  in  CREDITS  file.   You
       should  get  that  file  among  other ones within your distribution and
       possibly installed under /usr/docs directory

COPYRIGHT

       Copyright (C) 1992-1999 Lucent Inc. All rights reserved.

       Copyright (C) 1999-2004 Francesco Paolo Lovergine. All rights reserved.

       See  the  LICENSE  file enclosed within this software for conditions of
       use and distribution. This is a pure ISO BSD Open Source License .

NOTES

       See the RADIUS for UNIX Administrators Guide as a  complete  reference
       for  all  other  attributes  and  values.   It  is  freely available at
       http://www.livingston.com/tech/docs/manuals.html at the  time  of  this
       document.  Note  that  many vendor attributes are described only within
       vendor’s documentation.

       Currently YARD RADIUS dictionary is updated with vendor’s dictionary by
       Cisco,  Lucent,  3COM, Redback, Springtide, Nortel and possibly others,
       whenever available.