|LOGIN_RADIUS(8)||System Manager's Manual||LOGIN_RADIUS(8)|
] user [
login_radiusutility contacts a RADIUS server to authenticate a user. If no class is specified, the login class will be obtained from the password database. When executed as the name login_style,
login_radiuswill request that the RADIUS server use the authentication specified by style. The options are as follows:
login_radiusutility needs to know a shared secret for each RADIUS server it talks to. Shared secrets are stored in the file /etc/raddb/servers with the format:
login_radiuswill be linked to the various mechanisms desired. For instance, to have all CRYPTOCard and ActivCard authentication take place on a remote server via the radius protocol, remove the login_activ and login_crypto modules and link login_radius to both of those names. Now when the user requests one of those authentication styles,
login_radiuswill automatically forward the request to the remote RADIUS server and request it do the requested style of authentication.
login_radiusutility uses the following RADIUS-specific /etc/login.conf variables:
login_radiuswill prompt the user for the password before sending the request (along with the password) to the RADIUS server.
login_radiusto function, the /etc/raddb directory must be owned by group “_radius” and have group-execute permissions. Likewise, the /etc/raddb/servers file must be readable by group “_radius”.
|October 2, 2015||OpenBSD-current|