rlm_unixSection: FreeRADIUS Module (5)Updated: 5 February 2004 |
NAME
rlm_unix - FreeRADIUS ModuleDESCRIPTION
The rlm_unix module allows authentication against the system password, shadow, and group files. It also provides FreeRADIUS an interface into a radwtmp file (used by "radlast") when added to the accounting section.The rlm_unix module provides the functionality for "Auth-Type = System", rather than "Auth-Type = Unix". The "System" name is used for historical reasons.
The main configuration items to be aware of are:
- cache
- This is a 'yes' or 'no' option. If set to yes, FreeRADIUS will read the system files into memory, rather than perform a system call to lookup the information. On *BSD systems, you should set this value to no. On other systems, if you have a very large passwd and shadow files, you can try setting this to yes, which may increase the servers performance. The default is no.
- cache_reload
- This is the number of seconds to wait between refreshing the cached files from the system. It has no effect unless you enable caching.
- passwd
- The path to the system passwd file. Usually /etc/passwd. If commented out, or not set, the server will retrieve the information via systemcalls.
- shadow
- The path to the system shadow file. Usually /etc/shadow. This is not set by default.
- group
- The path to the system group file. Usually /etc/group. This is not set by default.
- radwtmp
- The path to the system wtmp file to be used for keeping the database of online users as read by the 'radlast' program.
- usegroup
- This is a 'yes' or 'no' option. If set to 'yes' this allows the Group attribute to be used as a check item. Default is 'no'.
CONFIGURATION
modules {
...
unix {
cache = no
cache_reload = 600
#passwd = /etc/passwd
#shadow = /etc/shadow
#group = /etc/group
usegroup = no
radwtmp = ${logdir}/radwtmp
}
...
}
SECTIONS
authentication, accountingFILES
/etc/raddb/radiusd.conf,SEE ALSO
radiusd(8), radiusd.conf(5), radlast(1)AUTHORS
Chris Parker, cparker@segv.org