|LOGIN_RADIUS(8)||System Manager's Manual||LOGIN_RADIUS(8)|
login_radiusutility contacts a RADIUS server to authenticate a user. If no class is specified, the login class will be obtained from the password database.
When executed as the name
login_radius will request that the RADIUS server use
the authentication specified by style.
The options are as follows:
login_radius utility needs to know a
shared secret for each RADIUS server it talks to. Shared secrets are stored
in the file /etc/raddb/servers with the format:
It is expected that rather than requesting the RADIUS style
directly (in which case the server uses a default style) that
login_radius will be linked to the various
mechanisms desired. For instance, to have all CRYPTOCard and ActivCard
authentication take place on a remote server via the radius protocol, remove
the login_activ and
login_crypto modules and link
login_radius to both of those names. Now when the
user requests one of those authentication styles,
login_radius will automatically forward the request
to the remote RADIUS server and request it do the requested style of
login_radiusutility uses the following RADIUS-specific /etc/login.conf variables:
login_radiuswill prompt the user for the password before sending the request (along with the password) to the RADIUS server.
login_radiusto function, the /etc/raddb directory must be owned by group “_radius” and have group-execute permissions. Likewise, the /etc/raddb/servers file must be readable by group “_radius”.
|October 2, 2015||OpenBSD-current|