Anyone that has looked at the code has come to this conclusion. I've got
my copy of radiusd hacked up to refuse multiple logins and such, but there
is no way in hell I want anyone to see how I'm doing it. Its ugly, and
I'm only comfortable using it where I can keep a close eye on it.
Something like this needs to be implemented using local autentication
policies. Currently I've got my radiusd checking GIDs, special fields in
the password file, prefix characters to the encrypted passwords, and flat
text files with lists of 'open' accounts. All of these are 'local'
policies that apply to MY system and my system only. At best, Livingston
should make 'hooks' in radius so that people can add their own conditional
authentications.
> Anyway, I think I can safely say that, all debate aside, the demand
> for this feature is fair-to-middlin'ly huge, and it'd be pretty silly
> of us not to get round to making a reality, however non-trivial it
> is. It's just a matter of that one commodity our engineering folks
> don't have an abundance of - time.
While I agree with this, these little things are a sort of 'trial by fire'
for ISPs. I'm of the opinion that if they can't fill in the blanks and
build their own tools they have no business in this field. I'm no C
programmer but I got my shit together and solved my own problems, and
didn't fuss at someone else to make my life easier.
Rock on Livingston, and don't hesitate in the face of lusers.
| Matthew N. Dodd | winter@jurai.net | http://www.jurai.net/~winter |
| Technical Manager | mdodd@intersurf.net | http://www.intersurf.net |
| InterSurf Online | "Welcome to the net Sir, would you like a handbasket?"|