The RADIUS session module Synopsis

Module Name: Author: Cristian Gafton <gafton@redhat.com> Maintainer: Author. Management groups provided: session Cryptographically sensitive: This module does not deal with passwords Security rating: Clean code base: gcc reports 1 warning when compiling /usr/include/rpc/clnt.h. Hey, is not my fault ! System dependencies: Network aware: yes; this is a network module (independent of application). Overview of module

This module is intended to provide the session service for users autheticated with a RADIUS server. At the present stage, the only option supported is the use of the RADIUS server as an accounting server. Session component

Recognized arguments: Description: This module is intended to provide the session service for users autheticated with a RADIUS server. At the present stage, the only option supported is the use of the RADIUS server as an (There are few things which needs to be cleared out first in the PAM project until one will be able to use this module and expect it to magically start pppd in response to a RADIUS server command to use PPP for this user, or to initiate a telnet connection to another host, or to hang and call back the user using parameters provided in the RADIUS server response. Most of these things are better suited for the radius login application. I hope to make available Real Soon (tm) patches for the login apps to make it work this way.)

When opening a session, this module sends an ``Accounting-Start'' message to the RADIUS server, which will log/update/whatever a database for this user. On close, an ``Accounting-Stop'' message is sent to the RADIUS server.

This module has no other prerequisites for making it work. One can install a RADIUS server just for fun and use it as a centralized accounting server and forget about wtmp/last/sac etc. . Examples/suggested usage: For the services that need this module (/etc/pam.conf as the last line for that service (usually after the pam_unix session line): login session required pam_radius.so Replace This module make extensive use of the API provided in libpwdb 0.54preB or later. By default, it will read the radius server configuration (hostname and secret) from /etc/raddb/server. This is a default compiled into libpwdb, and curently there is no way to modify this default without recompiling libpwdb. I am working on extending the radius support from libpwdb to provide a possibility to make this runtime-configurable. Also please note that libpwdb will require also the RADIUS dictionary to be present (/etc/raddb/dictionary).