rlm_unix
Synopsis
The unix module retrieves passwords and updates the radutmp
module.
Note: Since version 1.1.0, the unix module does not read the
/etc/passwd, /etc/shadow, or /etc/group files. To
read and cache those files, see the passwd module.
Processing Sections
authorize
When listed in the authorize section, the unix module retrieves
the user’s encrypted password and places it into the
control:Crypt-Password attribute. The password is retrieved via the
getpwent() and getspwent() system calls.
Due to security restrictions, the user’s password may not be available
on modern systems. Using a database to store user
account information is recommended. The unix module should not be used.
Return Codes
- noop: The request did not contain a User-Name attribute.
- notfound: The User-Name was not found in the system password database.
- reject: The user’s entry in the system password database was configured with the "deny shell", or their password has expired.
- userlock: The user’s entry in the system password database indicates that the account is locked.
- fail: The module was unable to create the control:Crypt-Password attribute.
- updated: The "known good" password is now available in the control:Crypt-Password attribute.
accounting
When listed in the accounting section, the unix module updates the
radwtmp file, which tracks the users who have logged into an NAS.
Using the sql module to store user login
information is recommended. The unix module should not be used.
Return Codes
- noop: There was no information available to record in radwtmp.
- fail: The module was unable to write to radwtmp.
- ok: The module successfully wrote login information to radwtmp.
Expansions
None.
Directives
- Syntax: radwtmp = filename
- Default: ${logdir}/radwtmp
- Description: The location of the wtmp file. This file is used only for radlast. If radlast is not used, then this item can be commented out.
Note: The radwtmp file may get large! It should be rotated via cp /dev/null radwtmp or just not used.
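One way to do the rotation from the note above while keeping the old login records, as an added example that is not part of the FreeRADIUS documentation. The function name, the size threshold and the archive directory are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper, not shipped with FreeRADIUS).
# Usage: rotate_radwtmp FILE MAX_BYTES ARCHIVE_DIR
#   FILE        path to the radwtmp file (the "radwtmp" directive)
#   MAX_BYTES   rotate only when the file is larger than this
#   ARCHIVE_DIR existing directory that receives the archived copy
# Returns 0 and prints the archive path on rotation, 1 if the file is
# below the threshold, 2 if the file does not exist, 3 on copy errors.
rotate_radwtmp() {
    file=$1
    max=$2
    dir=$3

    [ -f "$file" ] || return 2

    size=$(wc -c < "$file" | tr -d ' ')
    [ "$size" -gt "$max" ] || return 1

    stamp=$(date +%Y%m%d%H%M%S)
    archive="$dir/$(basename "$file").$stamp"

    # The file holds user login history, so the archived copy is
    # created readable by its owner only.
    ( umask 077 && cp "$file" "$archive" ) || return 3

    # Truncate in place, as in the note: the file keeps its owner and
    # mode. Records written between the copy above and this truncate
    # are lost, so run this at a quiet time.
    cp /dev/null "$file" || return 3

    printf '%s\n' "$archive"
}
```

Because the archive keeps the login history that the truncate discards, apply the same retention and access rules to the archive directory as to the live log directory.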