> > I want to set up a secondary server, but I don't want to allow users to
> > log in to it. I've seen scattered references to a "FILE" authentication
> > method, but I haven't been able to figure out what file it uses for
> > lookup, or what its format is (or even how the passwords are encrypted,
> > and thus if I can do what I want). Any help?
> The FILE type of authentication is part of Merit RADIUS (ver. 2.0 and up).
> It uses a file whose syntax matches that of the normal RADIUS users file.
> It is identified using a "prefix" (say, foobah) as the third field of the
> Merit RADIUS authfile entry for the realm "foo.bah.com" as shown below:
>
> foo.bah.com FILE foobah
>
> Then this would be accompanied by a file named "foobah.users" in the same
> directory with the authfile (and the clients, dictionary and users files).
Ah...I figured the authfile entry would resemble the above, but I
wouldn't've guessed the naming convention of the realm file. Thanks.
> Yes, passwords may or may not be encrypted in either the users file or
> the FILE users file (which we call a "realm" file) since 2.3 I think...
Okey-doke.
> > Of course, a reference for features like this would be useful...any
> > reference at ALL for the Merit server itself (not the RADIUS protocol)
> > would be nice...can't seem to find one in the distribution or at Merit
> > anywhere.
> The Merit distribution is (supposed to be) self documenting with all the
> man pages and ./doc/* files and the README* files and my TUTORIAL. But
> I have had some users complain that it is not good enough! Sheesh... ;^)
> Be sure to read the header comments in _each_ configuration file!
The files in doc/ are reasonably robust as far as documenting the RADIUS
protocol itself, but I found no documentation on implementation-specific
details like these. Personally, I'd be happy with a well-commented
list of Attribute/Value combinations describing the form and function of
each (if there's something like this already out there and I'm missing
it, show me the way). Some of this (including, I just noticed, the answer
to my question...I was using an older manpage for authfile) is scattered
throughout the manpages for the various configuration files.
The only mention of the 'FILE' authentication type in the authfile (and,
come to check, any of the sample configuration files) is:

    # FILE - flat file lookup with encrypted passwords in "users" format;

README lists changes across revisions, but doesn't describe them in
depth. INSTALL gave a concise installation procedure, but didn't point
to any additional information on more involved configuration options.
TUTORIAL gives a nice overview and an interesting analogy, but didn't
provide any new information in this case. ;-)
The documentation is well-written, and, in the areas covered, thorough.
But I think there are a few gaps that need to be filled.
> I am continually trying to get all the known bugs fixed... :-)
Fine work; keep it up.
// Matt Zimmerman Chief of System Management NetRail, Inc.
// Work..........mdz@netrail.net | Play...gemini@alcor.netrail.net
// (703) 524-4800 [voice] (703) 524-4802 [data] (703) 534-5033 [fax]
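
An added example, not part of the original message or of the Merit distribution: a small audit of the convention described in the thread, resolving each FILE entry in the authfile to its "<prefix>.users" realm file in the same directory and flagging files that are missing or accessible to group/other, since the thread notes the passwords in them may not be encrypted. The three-field entry layout is taken from the thread's example; the function names and the sample realms and files are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_file_realms(authfile_path):
    """Return (realm, realm_file, status) for each FILE-type authfile entry."""
    conf_dir = os.path.dirname(os.path.abspath(authfile_path))
    findings = []
    with open(authfile_path) as fh:
        for line in fh:
            fields = line.split("#", 1)[0].split()  # drop '#' comments
            # Assumed layout, as in the thread: realm, type, prefix.
            if len(fields) < 3 or fields[1] != "FILE":
                continue
            realm, prefix = fields[0], fields[2]
            if os.sep in prefix or prefix.startswith("."):
                findings.append((realm, prefix, "suspicious prefix"))
                continue
            realm_file = os.path.join(conf_dir, prefix + ".users")
            if not os.path.isfile(realm_file):
                findings.append((realm, realm_file, "missing"))
                continue
            mode = stat.S_IMODE(os.stat(realm_file).st_mode)
            # Realm files may hold unencrypted passwords: owner-only access.
            exposed = mode & (stat.S_IRWXG | stat.S_IRWXO)
            status = "group/other access %03o" % mode if exposed else "ok"
            findings.append((realm, realm_file, status))
    return findings

def build_sample(conf_dir):
    """Write a constructed authfile and realm files; return the authfile path."""
    authfile = os.path.join(conf_dir, "authfile")
    with open(authfile, "w") as fh:
        fh.write("# constructed sample entries\n"
                 "foo.bah.com FILE foobah\n"
                 "open.example FILE openrealm\n"
                 "gone.example FILE nosuch\n")
    for prefix, mode in (("foobah", 0o600), ("openrealm", 0o644)):
        path = os.path.join(conf_dir, prefix + ".users")
        with open(path, "w") as fh:
            fh.write('alice Password = "constructed-secret"\n')
        os.chmod(path, mode)
    return authfile

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for realm, path, status in audit_file_realms(build_sample(d)):
            print("%-14s %-12s %s" % (realm, os.path.basename(path), status))
```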