| [ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
The command line can reference any attributes from both check and reply pairlists using attribute macros see section Macro Substitution.
Before the execution of the program, radiusd switches to
uid and gid of the user daemon and the group daemon. You can
override these defaults by setting the variable exec-program-user
in the configuration file to a proper value.
See section The option statement.
The daemon will wait until the program terminates. The return value of its execution determines whether the entry matches. If the program exits with a nonzero code, then the match fails. If it exits with a zero code, the match succeeds. In this case the standard output of the program is read and parsed as if it were a pairlist. The attributes thus obtained are added to the entry's reply attributes.
Suppose the ‘users’ file contains the following entry:
DEFAULT Auth-Type = System,
Simultaneous-Use = 1
Exec-Program-Wait = "/usr/local/sbin/telauth \
%C{User-Name} \
%C{Calling-Station-Id}"
|
Then, upon successful matching, the program
‘/usr/local/sbin/telauth’ will be executed. It will get as its
arguments the values of the User-Name and Calling-Station-Id
attributes from the request pairs.
The ‘/usr/local/sbin/telauth’ can, for example, contain the following:
#! /bin/sh
DB=/var/db/userlist
if grep "$1:$2" $DB; then
echo "Service-Type = Login,"
echo "Session-Timeout = 1200"
exit 0
else
echo "Reply-Message = \
\"You are not authorized to log in\""
exit 1
fi
|
It is assumed that ‘/var/db/userlist’ contains a list of
username:caller-id pairs for those users that are
authorized to use login service.
This document was generated by Sergey Poznyakoff on December, 6 2008 using texi2html 1.78.