rlm_unix

Alan DeKok aland at deployingradius.com
Sat Sep 6 08:12:46 CEST 2008


Mark Jones wrote:
> Was there any particular reason to remove the ability to specify what
> passwd and shadow file to use with the unix module?  

  It didn't work on some systems, and it duplicated the functionality of
the "passwd" module.

> Unless I misunderstand, the unix module can be used in the authenticate
> section where the passwd module can only be used in the authorize section.

  Exactly.  The "passwd" module is essentially a simple database.
Databases don't do authentication.

  You're probably forcing Auth-Type to each of the individual unix
modules in 1.1.x.  In 2.x, you don't need to do this.  Just list the
various "passwd" modules in the "authorize" section, and be sure that
the "pap" module is listed last.  Then, the server will figure it out.

  You can even do that in 1.1.4 or later.  Just ensure that "pap" is
listed last in "authorize", and that it's also in "authenticate".  Then,
delete the places where you set Auth-Type to the various unix modules.

  And in 2.x, the "authenticate" method has been removed from the "unix"
module.  So don't use "unix" for authentication.  Use pap.

  Alan DeKok.
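
The layout described in the message above, sketched as a 2.x-style radiusd.conf fragment. This is an added example, not part of the original post or the FreeRADIUS distribution; the instance names and file paths are hypothetical, and the files are assumed to hold `user:crypt-hash` lines.

```conf
# Module definitions: one "passwd" instance per password file.
# Instance names and paths below are hypothetical.
passwd site_a_passwd {
	filename = /etc/raddb/site_a.passwd
	# The key field is marked with "*"; the second field is loaded
	# into the Crypt-Password attribute for later comparison.
	format = "*User-Name:Crypt-Password:"
	hashsize = 100
}

passwd site_b_passwd {
	filename = /etc/raddb/site_b.passwd
	format = "*User-Name:Crypt-Password:"
	hashsize = 100
}

authorize {
	# Each instance is only a lookup: it adds Crypt-Password to the
	# request if the user is found in its file.
	site_a_passwd
	site_b_passwd

	# "pap" listed last, so it sees whatever password attribute the
	# modules above supplied. No Auth-Type is forced anywhere.
	pap
}

authenticate {
	# The actual password check is done by "pap", not by "unix".
	Auth-Type PAP {
		pap
	}
}
```

Keep the password files readable only by the account the server runs as, since they contain crypt hashes.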
