RADIUS suffix and Rlogin

Dave Pifke (dpifke@slip.net)
Tue, 10 Dec 1996 16:49:31 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: MegaZone: "RADIUS suffix and Rlogin (fwd)"
Previous message: MegaZone: "Radius 2.0 and Realms (fwd)"
Next in thread: Jernej Romih: "Re: RADIUS suffix and Rlogin"

I'm trying to set up a group of portmasters using Livingston Radius
2.0. What I'd like to do is use "username/shell" for shell (rlogin)
logins using the RADIUS suffix option. 95% of our userbase is PPP,
so it makes sense to make it easier for THEM to login by removing any
special prefixes/suffixes for all but the remaining (and generally
more competent) 5%.

The problem is that the portmaster passes the entire login string -
including the suffix - to the host. This makes rlogin impossible,
and somewhat defeats the purpose of using suffixes.

Is there a way around this? If the response packet were to include
a User-Name attribute, would the portmaster honor it? I ask because
a possible solution to this might be to pass the value returned from
user_auth_name() back in the reply message, assuming the portmaster
would use it for the rlogin. It isn't a simple modification, so I
hestitate to spend the time doing it before asking if anyone else has
gotten around this problem before.

The only other solution I can think of is to replace Solaris's
rlogind with one for which the source code is publicly available,
and then hacking around in there.

--
Dave Pifke, dpifke@slip.net

Next message: MegaZone: "RADIUS suffix and Rlogin (fwd)"
Previous message: MegaZone: "Radius 2.0 and Realms (fwd)"
Next in thread: Jernej Romih: "Re: RADIUS suffix and Rlogin"