Re: New Radius Status

Mike Jipping (jipping@cs.hope.edu)
Thu, 2 Nov 1995 20:29:06 -0500 (EST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Gary E. Miller: "Re: New Radius Status"
Previous message: Chris B. Wilson, VectorNet: "Re: New Radius Status"

On Thu, 2 Nov 1995, Ian M. Smith wrote:

> Is anybody aware of the status of the new radius server being developed by
> some of the users on this list? The features I would be interested in
> are as follows...
>
> 1. Disallow multiple logins.
> 2. Limit some users to specified times of the day.
> 3. Allow DEFAULT.xxx type entries in the users file to simplify
> choosing between shell, SLIP and PPP.
> 4. Only let one user in a specified group log in at once.

Actually, we (the Macatawa Area Free-Net) have more criteria. We've just
setup pay policies based on (1) previous use (24 hours/month), (2) number
of logins (1 per day for free) and (3) type of service (logins are free,
you pay a bit for PPP). For us, therefore, authorization goes hand in
hand with accounting, and it is insufficient to simply process the detail
file once a night to figure out how to bill the user.

So we are undertaking a major rewrite of RADIUS services. We have

+ radiusd, the authorization server, that uses the ".service" suffix
scheme to tell the PM what service to try to invoke.

+ aisd, the accounting server, that gathers data from the accounting
UDP port messages from the PM and that communicates with radiusd to
determine authorization based on usage and time of day, and

+ pmpm, the PM port monitor, that communicates with the accounting
server and monitors PM ports, shutting them down according to length
of use and idle time, and denying multiple logins

Again, we think accounting is intertwined with authorization. How else
can you enforce a policy like: "30 minutes per session, with 30 minutes
between sessions, and up to 24 hours per month" or "30 minutes per
login, and one PPP use per day free"? For example, we'd like to give
volunteers a certain amount of free time on the system, like 5 hours of
free PPP. How does that integrate with the PM?

So we feel we've got a solution. It's being written in C++ and uses ndbm
database routines. It looks like it'll work nicely.

Any suggestions?

-- Mike

-------------------------------------------------------------
Mike Jipping | jipping@cs.hope.edu
Hope College | (616) 395-7509
Department of Computer Science |

"... Dogs are the leaders of the planet. If you see two life
forms, one of them's making a poop, the other's carrying it for
him, who would you assume is in charge?"
-- Jerry Seinfeld, "SeinLanguage"

Next message: Gary E. Miller: "Re: New Radius Status"
Previous message: Chris B. Wilson, VectorNet: "Re: New Radius Status"