|LOGIN_RADIUS(8)||System Manager's Manual||LOGIN_RADIUS(8)|
The login_radius utility contacts the radiusd daemon to authenticate a user. If no class is specified, the login class will be obtained from the password database.
When executed as the name
login_radius will request radiusd use the authentication specified by style.
The options are as follows:
The login_radius utility needs to know a shared secret for each radius server it talks to. Shared secrets are stored in the file /etc/raddb/servers with the format:
It is expected that rather than requesting the radius style directly (in which case the radiusd server uses a default style) that login_radius will be linked to the various mechanisms desired. For instance, to have all CRYPTOCard and ActivCard authentication take place on a remote server via the radius protocol, remove the login_activ and login_crypto modules and link login_radius to both of those names. Now when the user requests one of those authentication styles, login_radius will automatically forward the request to the remote radiusd and request it do the requested style of authentication.
The login_radius utility uses the following radius-specific /etc/login.conf variables:
login_radius will prompt the user for the password before sending the request (along with the password) to the radius server.
For login_radius to function, the /etc/raddb directory must be owned by group “_radius” and have group-execute permissions. Likewise, the /etc/raddb/servers file must be readable by group
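
One way to verify the ownership and permission requirements above, as an added example that is not part of the manual: a POSIX sh audit that inspects only file metadata. The function names are this example's own; using “_radius” as the group for the servers file and failing on a world-readable servers file are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the manual): audit the /etc/raddb permissions
# that login_radius depends on. Reads metadata only, never the secrets.

mode_of()  { ls -ld -- "$1" | awk '{ print substr($1, 1, 10) }'; }  # e.g. drwxr-x---
group_of() { ls -ld -- "$1" | awk '{ print $4 }'; }                 # owning group

# check_raddb_dir DIR GROUP: DIR must be owned by GROUP and group-executable.
check_raddb_dir() {
    bad=0
    [ -d "$1" ] || { echo "FAIL: $1 is not a directory"; return 1; }
    [ "$(group_of "$1")" = "$2" ] ||
        { echo "FAIL: $1 is not owned by group $2"; bad=1; }
    # Character 7 of the mode string is group-execute ('s' = setgid + execute).
    case $(mode_of "$1" | cut -c7) in
        x|s) ;;
        *) echo "FAIL: $1 lacks group-execute permission"; bad=1 ;;
    esac
    return "$bad"
}

# check_servers_file FILE GROUP: FILE must be readable by GROUP.
check_servers_file() {
    bad=0
    [ -f "$1" ] || { echo "FAIL: $1 is not a regular file"; return 1; }
    [ "$(group_of "$1")" = "$2" ] ||
        { echo "FAIL: $1 is not owned by group $2"; bad=1; }
    # Character 5 of the mode string is group-read.
    [ "$(mode_of "$1" | cut -c5)" = "r" ] ||
        { echo "FAIL: $1 is not group-readable"; bad=1; }
    # Extra hardening check, not stated in the manual: the file holds shared
    # secrets, so flag it when "other" (character 8) can read it.
    [ "$(mode_of "$1" | cut -c8)" = "-" ] ||
        { echo "FAIL: $1 is world-readable"; bad=1; }
    return "$bad"
}

# Run as: sh check_raddb.sh audit
# Assumption: the servers file uses the same group as the directory.
if [ "${1:-}" = "audit" ]; then
    status=0
    check_raddb_dir /etc/raddb _radius || status=1
    check_servers_file /etc/raddb/servers _radius || status=1
    exit "$status"
fi
```
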
|February 1, 2012||OpenBSD-5.1|