contact radiusd for authentication
utility contacts the
authenticate a user
. If no
is specified, the login class will be
obtained from the password database.
When executed as the name
authentication specified by style
The options are as follows:
- Debug mode. Output is sent to the standard output instead
of the BSD Authentication backchannel.
- Specify the service. Currently only
response are supported.
- This option and its value are ignored.
utility needs to know a shared
secret for each radius server it talks to. Shared secrets are stored in the
with the format:
It is expected that rather than requesting the radius style directly (in which
case the radiusd
server uses a default style) that login_radius
will be linked to the various mechanisms desired. For instance, to have all
CRYPTOCard and ActivCard authentication take place on a remote server via the
radius protocol, remove the login_activ
modules and link
to both of those names. Now when the
user requests one of those authentication styles,
will automatically forward the
request to the remote
it do the requested style of authentication.
utility uses the following
- Port name or number to connect to on the radius
- Hostname of the radius server to contact.
- Alternate radius server to use when the primary is not
- Comma-separated list of authentication styles that the
radius server knows about. If the user's authentication style is in this
list the challenge will be provided by the radius server. If not,
login_radius will prompt the user for the
password before sending the request (along with the password) to the
- Number of seconds to wait for a response from the radius
server. Defaults to 2 seconds.
- Number of times to attempt to contact the radius server
before giving up (or falling back to the alternate server if there is
one). Defaults to 6 tries.
- login configuration database
- list of radius servers and their associated shared
does not ship with a radius server in the
default install, however several are available via
to function, the
directory must be owned by group
“_radius” and have group-execute permissions. Likewise, the
file must be readable by group