Subject: Re: BSD Authentication
To: Simon J. Gerraty <sjg@crufty.net>
From: Peter Seebach <seebs@plethora.net>
List: current-users
Date: 08/28/2003 03:36:19
In message <20030828082927.96617A60C@zen.crufty.net>, Simon J. Gerraty writes:
>login, sshd or whatever, collect username/password hand off to radius or
>tacplus (or whatever) and get back an OK as well as the name of an account
>that actually exists in /etc/passwd that should be used (since username
>does not exist outside of the radius server).
Okay, I'm a bit confused here.
>Oh, and whether _you_ have any need for that functionality isn't relevant.
>No one is asking you to use it - just explain how BSD Auth can handle it.
>Some of us would like to keep this a useful discussion.
>And finally yes, it's a real-world requirement - ask anyone who
>manages more than a few hundred routers.
Hmm. I'm confused; which machine is *actually* running the login process?
I guess I'm not understanding who needs to authenticate what.
Is the intent here that I get a login prompt, and I *might* log in as a real
user, but I *might* log in as someone else, or is it that I will *always*
log in as "a radius user"?
BSD Auth has no problem at all authorizing people who aren't in /etc/passwd.
If you tell radiusd to authenticate using the login_gzornenplatz, then it'll
do whatever that does, whether or not the user exists in /etc/passwd.
-s