newscache: Thread: plugin authentication?


Subject: plugin authentication?
From: Dan Hollis ####@####.####
Date: 30 Jan 2004 01:09:04 -0000
Message-Id: <Pine.LNX.4.44.0401291634590.6320-100000@sasami.anime.net>

Has anyone done work on plugin authentication modules?

We'd like to authenticate users via radius.

innd's nnrpd allows you to call an external program to
handle authentication via the auth: parameter.

-Dan

Subject: AW: plugin authentication?
From: Straub Herbert ####@####.####
Date: 30 Jan 2004 08:05:43 -0000
Message-Id: <3365692EA1026A498A5DB41801AE2DB50290D6CB@xcwrk2.xund.magwien.gv.at>

The pam function has been included since NewsCache 1.1.90. You should be able
to configure pam so that newscache uses radius for authentication. I haven't
tested radius authentication with NewsCache, but I use ssh with radius
authentication.

With ./configure --help you can see the build parameter that enables the pam
function. In man newscache.conf you will find pam examples. The other part is
the configuration in /etc/pam.d/newscache.

I think this should work.


Subject: Re: AW: plugin authentication?
From: Dan Hollis ####@####.####
Date: 30 Jan 2004 08:17:05 -0000
Message-Id: <Pine.LNX.4.44.0401292340580.19529-100000@sasami.anime.net>

What I need is something more flexible than just the pam integration.

E.g. I should be able to reference different radius servers or auth programs
based on the matching section in AccessList{}

E.g. something like

Client .someisp.com {
    blabla...
    Authentication program:/usr/bin/innd/radius -f someisp-radius.config
}
Client .otherisp.com {
    blabla...
    Authentication program:/usr/bin/innd/radius -f otherisp-radius.config
}
Client .somewhere.com {
    Authentication program:/usr/local/bin/someauth-program.pl
}
Client .nowhere.com {
    blabla...
    Authentication file:/usr/local/nowhere.pass
}

I don't think this is currently possible in newscache?

-Dan


Subject: AW: AW: plugin authentication?
From: Straub Herbert ####@####.####
Date: 30 Jan 2004 09:44:58 -0000
Message-Id: <3365692EA1026A498A5DB41801AE2DB50290D6CD@xcwrk2.xund.magwien.gv.at>

Yes, you are right. This is currently not possible. But I think it could
work:

1) Modification of NewsCache. In the client section of newscache.conf, there
must be a way to specify a pam service name (pam_start function). Then you
can create various /etc/pam.d/newscache1, /etc/pam.d/newscache2, etc.

2) The /etc/pam.d/newscache1 file contains a parameter which specifies the
configuration file:
conf=foo       - set the configuration filename to 'foo'.
                 Default is /etc/raddb/server

Example:
/etc/newscache.conf:

AccessList {
    Client test.test {
        allow read post
        List *
        Read *
        PostTo *
        Authentication pam(newscache1):*:*:*:
    }
    Client test2.test {
        allow read post
        List *
        Read *
        PostTo *
        Authentication pam(newscache2):*:*:*:
    }
...
}
...

The /etc/pam.d/newscache1 contains:
auth       required   pam_radius_auth.so conf=/etc/raddb/radius1

The /etc/pam.d/newscache2 contains:
auth       required   pam_radius_auth.so conf=/etc/raddb/radius2

The /etc/raddb/radius1 contains:
1.1.1.1  secret      1
1.1.1.2  secret      1

The /etc/raddb/radius2 contains:
2.2.2.1  secret      1
2.2.2.2  secret      1

Could this work?

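A lint for the per-service layout proposed in the last message, as an added example that is not part of the original thread or of NewsCache: it maps each PAM service name to the RADIUS servers listed in its pam_radius_auth conf= file and flags an invalid control value. The sample file contents and the function names (radius_confs, parse_servers, audit) are constructed for illustration, and shared secrets are replaced by a placeholder and never returned.

```python
import re
# Keyword controls accepted by Linux-PAM; the [value=action] form is skipped below.
VALID_CONTROLS = {"required", "requisite", "sufficient", "optional", "include", "substack"}
DEFAULT_CONF = "/etc/raddb/server"  # default named in the message above
LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def radius_confs(pam_text):
    """Return (conf files used by pam_radius_auth auth lines, problems)."""
    confs, problems = [], []
    for n, raw in enumerate(pam_text.splitlines(), 1):
        m = LINE.match(raw.split("#", 1)[0].strip())
        if not m or m.group(1) != "auth":
            continue
        control, module, args = m.group(2), m.group(3), m.group(4).split()
        if not control.startswith("[") and control.lower() not in VALID_CONTROLS:
            problems.append(f"line {n}: invalid control value {control!r}")
        if module.endswith("pam_radius_auth.so"):
            conf = [a[len("conf="):] for a in args if a.startswith("conf=")]
            confs.append(conf[0] if conf else DEFAULT_CONF)
    return confs, problems

def parse_servers(text):
    """Hosts from 'server[:port] secret [timeout]' lines; secrets are not returned."""
    rows = [l.split() for l in text.splitlines() if not l.lstrip().startswith("#")]
    return [f[0] for f in rows if len(f) >= 2]

def audit(services, conf_files):
    """Map each PAM service name to its RADIUS servers and collect problems."""
    mapping, problems = {}, []
    for name, text in sorted(services.items()):
        confs, errs = radius_confs(text)
        problems += [f"{name}: {e}" for e in errs]
        mapping[name] = []
        for path in confs:
            if path in conf_files:
                mapping[name] += parse_servers(conf_files[path])
            else:
                problems.append(f"{name}: {path} not found")
    return mapping, problems

# Constructed sample input; the second service has a misspelled control value.
SERVICES = {
    "newscache1": "auth  required  pam_radius_auth.so conf=/etc/raddb/radius1\n",
    "newscache2": "auth  requierd  pam_radius_auth.so conf=/etc/raddb/radius2\n",
}
CONF_FILES = {f"/etc/raddb/radius{i}": f"{i}.{i}.{i}.1 PLACEHOLDER 1\n{i}.{i}.{i}.2 PLACEHOLDER 1\n"
              for i in (1, 2)}
if __name__ == "__main__":
    print(audit(SERVICES, CONF_FILES))
```

On a real host the two dictionaries would be filled from /etc/pam.d/ and the conf= files, which hold shared secrets and should be readable only by the account the daemon runs as.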