On Mon, 19 Aug 1996, MegaZone wrote:
> Once upon a time Rob Poland shaped the electrons to say...
> >1. How does a RADIUS entry look like for a PPP-user that is only
> >allowed to login on ports 4,5 and 6? Something like this doesn't work:
>
> You can't do this. RADIUS, as we provide it, does not support limiting
> users to a range of ports.
It's not too hard for a good programmer to make that modification. The
standard behavior is to require that every check item in the users file
must have an exact match in the incoming record.
Basically it works like this:

    loop over unmatched check-items in the record
        is this attribute present in the packet the portmaster sent?
            yes: is it the same value?
                yes: this check-item is matched
                no: authentication fails
            no: authentication fails

Change the algorithm to:

    loop[1] over unmatched check-items in the record
        is this attribute present in the packet the portmaster sent[*]?
            yes: loop[2] over unmatched check-items of this attribute
                     is value[2]==value[*]?
                         yes: we found a match, this check-item is matched
                         no: this check-item is matched (not really, but it saves time)
                 did we find a match?
                     yes: nothing to do, we already marked them all as matched
                     no: authentication fails
            no: authentication fails

Then you just put one copy of the check-item for each legal port. You
could also get really fancy and modify the user parsing routines to convert
ranges into multiple instances.
Steven P. Crain scrain@shore.net
Unix Administration and Programming
North Shore Access
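The modified matching loop described in the message above, as an added C sketch that is not part of the original post and not the RADIUS server's own source. The `struct pair` type, the function names, the `MAX_CHECK` limit and the sample entry are assumptions made for illustration; 5 (NAS-Port) and 7 (Framed-Protocol, value 1 for PPP) are the attribute numbers assigned by the RADIUS protocol.

```c
#include <stddef.h>
#define ATTR_NAS_PORT        5   /* RADIUS NAS-Port */
#define ATTR_FRAMED_PROTOCOL 7   /* RADIUS Framed-Protocol, 1 = PPP */
#define MAX_CHECK            32  /* assumed per-user limit for this sketch */
struct pair { int attr; unsigned value; };

/* Return the request pair carrying attr, or NULL if the NAS did not send it. */
static const struct pair *find_attr(const struct pair *req, size_t nr, int attr)
{
    for (size_t i = 0; i < nr; i++)
        if (req[i].attr == attr)
            return &req[i];
    return NULL;
}

/* 1 = accept, 0 = authentication fails. Repeated check items of one
 * attribute are treated as alternatives (logical OR). */
int check_items_match(const struct pair *check, size_t nc,
                      const struct pair *req, size_t nr)
{
    unsigned char matched[MAX_CHECK] = {0};
    if (nc > MAX_CHECK)
        return 0;                          /* fail closed on oversized entries */
    for (size_t i = 0; i < nc; i++) {      /* loop[1] */
        if (matched[i])
            continue;
        const struct pair *sent = find_attr(req, nr, check[i].attr);
        if (sent == NULL)
            return 0;                      /* attribute absent from the packet */
        int found = 0;
        for (size_t j = i; j < nc; j++) {  /* loop[2] */
            if (check[j].attr != check[i].attr)
                continue;
            matched[j] = 1;                /* whole group is settled in this pass */
            if (check[j].value == sent->value)
                found = 1;
        }
        if (!found)
            return 0;                      /* no permitted value matched */
    }
    return 1;
}

/* Constructed users-file entry: PPP only, on ports 4, 5 or 6. */
static const struct pair sample_check[] = {
    { ATTR_FRAMED_PROTOCOL, 1 }, { ATTR_NAS_PORT, 4 }, { ATTR_NAS_PORT, 5 }, { ATTR_NAS_PORT, 6 } };
/* Constructed request: a PPP login arriving on the given port. */
int sample_login(unsigned port)
{
    struct pair req[] = { { ATTR_FRAMED_PROTOCOL, 1 }, { ATTR_NAS_PORT, port } };
    return check_items_match(sample_check, sizeof sample_check / sizeof sample_check[0], req, 2);
}
int main(void) { return !(sample_login(5) == 1 && sample_login(7) == 0); }
```

Single-valued check items behave exactly as under the standard rule, since a group of one still requires that one value to match.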