[<<] [<] Page 1 of 1 [>] [>>] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Subject:
plugin authentication?
From: Dan Hollis ####@####.#### Date: 30 Jan 2004 01:09:04 -0000 Message-Id: <Pine.LNX.4.44.0401291634590.6320-100000@sasami.anime.net> Has anyone done work on plugin authentication modules? We'd like to authenticate users via radius. innd's nnrpd allows you to call external program to handle authentication via the auth: parameter. -Dan | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Subject:
AW: plugin authentication?
From: Straub Herbert ####@####.#### Date: 30 Jan 2004 08:05:43 -0000 Message-Id: <3365692EA1026A498A5DB41801AE2DB50290D6CB@xcwrk2.xund.magwien.gv.at> The pam function is included since NewsCache 1.1.90. You should be able to configure the pam, that newscache using radius for authentication. I doesn't test the radius authentication with NewsCache, but i use ssh with radius authentication. With ./configure --help you see the building parameter enabling the pam function. In man newscache.conf you find pam examples. The other part is the configuration with /etc/pam.d/newscache. I think, this should be working. -----Ursprüngliche Nachricht----- Von: Dan Hollis ####@####.#### Gesendet: Freitag, 30. Jänner 2004 01:39 An: ####@####.#### Betreff: plugin authentication? Has anyone done work on plugin authentication modules? We'd like to authenticate users via radius. innd's nnrpd allows you to call external program to handle authentication via the auth: parameter. -Dan --------------------------------------------------------------------- To unsubscribe, e-mail: ####@####.#### For additional commands, e-mail: ####@####.#### | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Subject:
Re: AW: plugin authentication?
From: Dan Hollis ####@####.#### Date: 30 Jan 2004 08:17:05 -0000 Message-Id: <Pine.LNX.4.44.0401292340580.19529-100000@sasami.anime.net> What i need is something more flexible than just the pam integration. eg i should be able to reference different radius servers or auth programs based on the matching section in Accesslist{} eg something like Client .someisp.com { blabla... Authentication program:/usr/bin/innd/radius -f someisp-radius.config } Client .otherisp.com { blabla... Authentication program:/usr/bin/innd/radius -f otherisp-radius.config } Client .somewhere.com { Authentication program:/usr/local/bin/someauth-program.pl } Client .nowhere.com { blabla... Authentication file:/usr/local/nowhere.pass } I don't think this is currently possible in newscache? -Dan On Fri, 30 Jan 2004, Straub Herbert wrote: > The pam function is included since NewsCache 1.1.90. You should be able to > configure the pam, that newscache using radius for authentication. I doesn't > test the radius authentication with NewsCache, but i use ssh with radius > authentication. > > With ./configure --help you see the building parameter enabling the pam > function. In man newscache.conf you find pam examples. The other part is > the configuration with /etc/pam.d/newscache. > > I think, this should be working. > > > -----Ursprüngliche Nachricht----- > Von: Dan Hollis ####@####.#### > Gesendet: Freitag, 30. Jänner 2004 01:39 > An: ####@####.#### > Betreff: plugin authentication? > > > Has anyone done work on plugin authentication modules? > > We'd like to authenticate users via radius. > > innd's nnrpd allows you to call external program to > handle authentication via the auth: parameter. > > -Dan > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: ####@####.#### > For additional commands, e-mail: ####@####.#### > | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Subject:
AW: AW: plugin authentication?
From: Straub Herbert ####@####.#### Date: 30 Jan 2004 09:44:58 -0000 Message-Id: <3365692EA1026A498A5DB41801AE2DB50290D6CD@xcwrk2.xund.magwien.gv.at> Yes, your are right. This is currently not possible. But i think, it can be working: 1) Modification of NewsCache. In the client section of newscache.conf, there must be a way to specifiy a pam service man (pam_start function). Then you can create various /etc/pam.d/newscache1 /etc/pam.d/newscache2 etc. 2) The /etc/pam.d/newscache1 contains a parameter, wich specific the parameter conf=foo - set the configuration filename to 'foo'. Default is /etc/raddb/server Example: /etc/newscache.conf: AccessList { Client test.test { allow read post List * Read * PostTo * Authentication pam(newscache1):*:*:*: } Client test2.test { allow read post List * Read * PostTo * Authentication pam(newscache2):*:*:*: } ... } ... The /etc/pam.d/newscache1 contains: auth reequired pam_radius_auth.so conf=/etc/raddb/radius1 The /etc/pam.d/newscache2 contains: auth reequired pam_radius_auth.so conf=/etc/raddb/radius2 The /etc/raddb/radius1 contains: 1.1.1.1 secret 1 1.1.1.2 secret 1 The /etc/raddb/radius2 contains: 2.2.2.1 secret 1 2.2.2.2 secret 1 Could this be working? -----Ursprüngliche Nachricht----- Von: Dan Hollis ####@####.#### Gesendet: Freitag, 30. Jänner 2004 08:47 An: Straub Herbert Cc: ####@####.#### Betreff: Re: AW: plugin authentication? What i need is something more flexible than just the pam integration. eg i should be able to reference different radius servers or auth programs based on the matching section in Accesslist{} eg something like Client .someisp.com { blabla... Authentication program:/usr/bin/innd/radius -f someisp-radius.config } Client .otherisp.com { blabla... Authentication program:/usr/bin/innd/radius -f otherisp-radius.config } Client .somewhere.com { Authentication program:/usr/local/bin/someauth-program.pl } Client .nowhere.com { blabla... Authentication file:/usr/local/nowhere.pass } I don't think this is currently possible in newscache? -Dan On Fri, 30 Jan 2004, Straub Herbert wrote: > The pam function is included since NewsCache 1.1.90. You should be > able to configure the pam, that newscache using radius for > authentication. I doesn't test the radius authentication with > NewsCache, but i use ssh with radius authentication. > > With ./configure --help you see the building parameter enabling the > pam function. In man newscache.conf you find pam examples. The other > part is the configuration with /etc/pam.d/newscache. > > I think, this should be working. > > > -----Ursprüngliche Nachricht----- > Von: Dan Hollis ####@####.#### > Gesendet: Freitag, 30. Jänner 2004 01:39 > An: ####@####.#### > Betreff: plugin authentication? > > > Has anyone done work on plugin authentication modules? > > We'd like to authenticate users via radius. > > innd's nnrpd allows you to call external program to > handle authentication via the auth: parameter. > > -Dan > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: ####@####.#### > For additional commands, e-mail: ####@####.#### > | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
[<<] [<] Page 1 of 1 [>] [>>] |