Passing username from radiusd to Portmaster.. how?

Matthew Zahorik (maz@albany.net)
Sun, 2 Jun 1996 04:03:57 -0400 (EDT)

I've been hacking at radiusd, and I've stumbled onto a problem.

Under our current login setup we use the SCP prefixes. (i.e. "joe"
logs you into a UNIX machine, "Pjoe" starts a PPP session, etc..)

After two years in operation, the support headaches generated by using the
prefixes is becoming significant. The support guys have had it with
questions like "I entered Pjoe@mail.albany.net into Endora [sic] and it's
still not working" and "I keep getting login rejected, but I have
"joe" typed into the username blank under 'Connect To'.. What's wrong?"

So, I hacked radiusd to ignore the "SCP", drop everything to lowercase,
and it now understands optional suffixes. The default login is now PPP.

Since PPP is the default, UNIX users will now have to log in as
"username.shell" or "username.login". Problem is, when the Portmaster
tries to rlogin, it passes "username.shell" to the UNIX host. For
example:

[.. snip, Portmaster greeting stuff ..]

[shell.albany.net] login: maz.shell
Password:
Password: <- problem #1, rlogind is asking for a password
Login incorrect <- problem #2, the username is passed as maz.shell
login: maz
Password:
Last login: Sun Jun 2 03:31:46 from pm4-albny.albany
SunOS Release 4.1.4 (MZShell) #1: Sat Apr 20 22:54:39 EDT 1996

[.. snip ..]

You have new mail
Type maz.shell unknown <- problem #3, terminal type
[magik]:3:48am:~%

Terminal type for the port is set as vt100

Everything works fine under the old setup. (Just "maz" rlogins me into
a UNIX machine perfectly, without double prompting)

I'm stumped. In the code it's not clear where the username is put into
the radius reply, if at all.

I'm hoping there is an attribute I can pass back to the portmaster to
specify the username to pass to rlogin.

Anyone run into this one before, and have a solution? Mr. Savage?

Thanks in advance.

- Matt

On a side note: Is using in.pmd an alternative to using rlogin? I
consider the "r" services major security risks, and would *love* to
disable them. Livingston... How about ssh? :)

-----------------*-----------------------------------------------------------
Matthew Zahorik /|\ Offering the finest connectivity in Albany. Shell, SLIP,
AlbanyNet //|\\ and PPP. Speeds from 1200bps to 45MBps.
maz@albany.net | Voice: 1 (518) 462 - 6262 Data: 1 (518) 463 - 3434
Info: info@albany.net Sales: sales@albany.net W^3: http://www.albany.net/
-----U-s-i-n-g---M-i-c-r-o-c-o-m---D-e-s-k-p-o-r-t-e---F-A-S-T---v-.-3-4-----