Re: user.service patch and statis ip's

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Matthew S. Crocker: "Re: dynamically assigned IP numbers"
• Previous message: Chris Baltas: "Re: The official word on assigned addressing - also a note on email"
• In reply to: Michael C. Nerone: "user.service patch and statis ip's"
• Next in thread: Allan C. Rubens: "Re: user.service patch and statis ip's"

When user (jdoe) wants a static IP account I setup an account
jdoe.ip which setup the statis stuff (PPP or SLIP) and I tell the user
to dial in rith jdoe.ip If they need to get into the shell (say things
are broken) he can still login susing (jdoe)

You can overide the defaults for a user by putting that users entry
BEFORE the defaults entry in the users file. jdoe.ppp will override
DEFAULT.ppp for jdoe.

> What I'd like to see is something like this entry:
>
> jdoe.SETTINGS Password="abcdefg" (or whatever)
> Framed-Address = 1.2.3.4

This is in the works.

> which would tell RADIUS that jdoe has a specified pw instead of a Unix-PW
> (no matter what the service), and it should include the address
> information in any access-accept packet (no matter what the service). If
> there's a conflict, the SETTINGS should take precedence. I'm sure people
> can see the usefulness of that, but here's a couple more things. Since
> there's now a place to keep user-centric global settings, why not include
> something like
>
> mary.SETTINGS
> User-Service-Allow = uucp,shell

This is also in the works.

> In this case, RADIUS would only allow mary to log in as mary.uucp or
> mary.shell. User-Service-Deny=uucp could also be helpful. Necessarily,
> if mary doesn't specify a service, then if there is an entry just for
> "mary" in the users file, then that service is always allowed. If there is
> DEFAULT.DEFAULT no such entry, then obviously, DEFAULT.DEFAULT will be
> allowed. You can still completely disable mary if you wish by just putting
> and password she doesn't know in mary.SETTINGS.
>
> Anyone else think this would be pretty cool, or am I all alone on this?
> I'd write it myself if I had the time and skill.

I'm working on a 'CMS' customer managment system which will be doing all
work needed to manage a user, This will not be released. However, part
of this system involves RADIUS, any patchs I make to RADIUS will be
released. I think I'll start with the merit code although I'm not sure.

-Matt

-Matthew S Crocker "The mask, given time, comes
matthew@crocker.com to be the face itself." -anonymous
*OS/2*OS/2*OS/2*OS/2*OS/2*OS/2*OS/2*OS/2*OS/2*OS/2*OS/2*OS/2*OS/2*OS/2*OS/2*
*linux*linux*linux*linux*linux*linux*linux*linux*linux*linux*linux*linux*

• Next message: Matthew S. Crocker: "Re: dynamically assigned IP numbers"
• Previous message: Chris Baltas: "Re: The official word on assigned addressing - also a note on email"
• In reply to: Michael C. Nerone: "user.service patch and statis ip's"
• Next in thread: Allan C. Rubens: "Re: user.service patch and statis ip's"