I am an ISP administrator here in Grants Pass, OR, and we currently have
a Portmaster in Portland. We are using radiusd to handle multiple users
on *multiple systems*, and looking through the current radiusd source, I
could not find something that would handle this.
What my situation is this:
I have a user "joeblow" on a system that is not running radiusd. My main
machine runs the radiusd. What my patch allows me to do is have radiusd
check other systems remotely (using a program I wrote with a supporting
library) and see if the user exists on a list of servers. If the user
exists, it sends an ACK to the Portmaster, with a Login-Host entry
pointing to the responding system. This allows for other users to login
using rlogin.
I already know it works, because I use it frequently here, and it is
foolproof. I've tested it thoroughly, and I know it works.
Here's my question: Does anyone here know of an easier way to do this
other than using ypbind and the yptools? I have tried using yp with
radiusd, and I couldn't get it to work for the life of me, so I decided
to patch it myself.
If anyone here has any solutions, please let me know. I am going to be
posting the new version of radiusd in /pub/radiusd on ftp.bitgate.com.
This should be done by Saturday, June 15th. If anyone has any questions
about the program, or the functionality, or would like to work with me on
this library, please let me know. I am always interested in a helping hand.
The library I wrote currently does not support any encryption of any
kind, thus making it a security hazard. The port has been firewalled
out, so it's useless outside of our domain. I plan on adding DES
encryption (from the radiusd source) soon. If anyone would like to help
me out, please write me here, or at khollis@bitgate.com. Thanks!
-- Ken Hollis
-- Sr. System Administrator
==============================================================================
"I may be insane, but I'm enjoying every minute of it!"