Re: Authentication File

Robert Hiltibidal (morgan@tekfront.com)
Tue, 4 Mar 1997 09:50:01 -0600 (CST)

Actually, if you set the the users file to :
#
# This file contains security and configuration information
# for each user. The first field is the user's name and
# can be up to 8 characters in length. This is followed (on
# the same line) with the list of authentication requirements
# for that user. This can include password, comm server name,
# comm server port number, and an expiration date of the user's
# password. When an authentication request is receive from
# the comm server, these values are tested. A special user named
# "DEFAULT" can be created (and should be placed at the end of
# the user file) to specify what to do with users not contained
# in the user file. A special password of "UNIX" can be specified
# to notify the authentication server to use UNIX password (/etc/passwd)
# authentication for this user.
#
# Indented (with the tab character) lines following the first
# line indicate the configuration values to be passed back to
# the comm server to allow the initiation of a user session.
# This can include things like the PPP configuration values
# or the host to log the user onto.
#

DEFAULT Password = "UNIX"
User-Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-Address = 255.255.255.254,
Framed-Netmask = 255.255.255.0,
Framed-Routing = None,
Framed-Compression = Van-Jacobsen-TCP-IP,
Framed-MTU = 1500,
Idle-Timeout = 1800,
Session-Timeout = 18000,
Port-Limit = 1,

.....You use the /etc/passwd file and the users file. So for say 20,000
entries you are using only one entry in your users file. Your passwords
stay encrypted.

Rob

On Tue, 4 Mar 1997, Yohannes A Sulistyono wrote:

> So, do you mean we can not encrypt user password if we use file USERS?
> Also, which one is better for large amount of user (more than 8000
> users), file USERS or file /etc/passwd?
>
> Thanks in advance and regards,
> ---------------------------------------------------------------
> Yohannes Aries Sulistyono email : aries@idola.net.id
> Internet Service http://www.idola.net.id/~aries
> PT Aplikanusa Lintasarta Phone : +6221-2302345
> Menara Thamrin 12th Fl Fax : +6221-2303883
> Jl MH Thamrin kav 3 HP : 0811-142838
> JAKARTA - 10340
> INDONESIA
> ---------------------------------------------------------------
>
> On Tue, 25 Feb 1997, Walter wrote:
>
> > I don't like password files that don't have any kind of
> > encryption, so I'd go for UNIX encrypted passwords.
> > However, keep in mind that you'll need to update
> > the /etc/passwd file on your unix system (you'll NEED an unix
> > system btw) AND you radius "users" file.
> > Another thing is that Ascend ISDN terminal servers
> > don't like UNIX passwords.. (AFAIK that's what they told me)
> >
> > Keep in mind that you don't give radius callers access on your
> > unix system.. So make the default shell for every user /bin/false...
> > Also protect rlogin, ftp, etc etc ... Your system could allow
> > a valid radius user to login at your machine.
> > However, some "hacker" or collegue could just copy/print the
> > radius users file ... Image a few hundred radius accounts public
> > available :--(
> >
> > At 14:08 25-02-97 +0700, you wrote:
> > >Hi there,
> > >Can anyonw tell me which file is better for authentication, UNIX file or
> > >Radius Database file?
> > >Also, how is about the performance, security, and easy-to-maintain of
> > >that each file? Because as I look at the Radius database file (filename :
> > >users), the password is typed as clear text.
> >
> >
> > Greetinx Earthling,
> > Walter Tak
> > walter@concepts.nl
> >
>

Robert Hiltibidal Tek Frontiers
Tek Frontiers "Explore the possibilities.."
System Admin <http://www.tekfront.com>
morgan@tekfront.com (217)-241-5112

"People justify their computer for
business and education, but they
use their computer for FUN. " - Alex St John