Annotation of embedaddon/mpd/doc/mpd29.html, revision 1.1

1.1     ! misho       1: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
        !             2: <HTML>
        !             3: <HEAD>
        !             4: <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
        !             5: <TITLE>Authentication, Authorization and Accounting (AAA)</TITLE>
        !             6: </HEAD>
        !             7: <BODY text="#000000" bgcolor="#ffffff">
        !             8: 
        !             9: <A HREF="mpd.html"><EM>Mpd 5.6 User Manual</EM></A>
        !            10:  <b>:</b> <A HREF="mpd17.html"><EM>Configuring Mpd</EM></A>
        !            11:  <b>:</b> <EM>Authentication, Authorization and Accounting (AAA)</EM><BR>
        !            12: <b>Previous:</b> <A HREF="mpd28.html"><EM>Interface layer</EM></A><BR>
        !            13: <b>Next:</b> <A HREF="mpd30.html"><EM>RADIUS</EM></A>
        !            14: 
        !            15: 
        !            16: <HR NOSHADE>
        !            17:   <H2><A NAME="29"></A>4.10. Authentication, Authorization and Accounting (AAA)<A NAME="auth"></A></H2>
        !            18: 
        !            19: <p>Mpd currently supports authentication against (tried 
        !            20: in this order) 
        !            21: <A HREF="mpd31.html#extauth">extauth</A>,
        !            22: <A HREF="mpd30.html#radius">radius</A>, PAM, the system password database 
        !            23: (<code>master.passwd</code>), OPIE and the internal <code>mpd.secret</code> file.</p>
        !            24: <p>This chapter describes commands that configure the Authentication 
        !            25: subsystem of the LCP layer. All of these commands apply to the currently
        !            26: active link. </p>
        !            27: <p>
        !            28: <dl>
        !            29: 
        !            30: <dt><b><code>set auth authname <em>login</em></code></b><dd><p>This command sets the authentication login name associated with
        !            31: the link (in multi-link PPP, though each link is authenticated
        !            32: individually, they all must use the same login name). The
        !            33: <code><em>login</em></code> may have a corresponding entry in
        !            34: <code>mpd.secret</code>. The <code><em>login</em></code> and password
        !            35: are used when the peer requires us to authenticate ourselves.</p>
        !            36: 
        !            37: <dt><b><code>set auth password <em>password</em></code></b><dd><p>This command is normally not necessary. It causes mpd to <em>not</em>
        !            38: look up the password corresponding to <code><em>login</em></code>
        !            39: in <code>mpd.secret</code>, but rather to use
        !            40: <code><em>password</em></code> instead. If you're too lazy to set up
        !            41: <code>mpd.secret</code> and are only dialing out, you can use this
        !            42: command instead.</p>
        !            43: 
        !            44: <dt><b><code>set auth max-logins <em>num</em> [CI]</code></b><dd><p>Limits the maximum number of concurrent logins with the same username.
        !            45: If set to zero, then this feature is disabled. If the CI argument is present,
        !            46: login comparison will be case insensitive.</p>
        !            47: 
        !            48: <dt><b><code>set auth acct-update <em>seconds</em></code></b><dd><p>Enables periodic accounting updates, if set to a value greater than 
        !            49: zero.</p>
        !            50: 
        !            51: <dt><b><code>set auth timeout <em>seconds</em></code></b><dd><p>Sets the timeout for the whole authentication process.
        !            52: It defaults to 40 seconds. 
        !            53: Under some circumstances the value should be changed; it usually 
        !            54: depends on the authentication backend and protocol.
        !            55: E.g. when using EAP with a slow RADIUS server this value should be increased.</p>
        !            56: 
        !            57: <dt><b><code><br>set auth extauth-script <em>script</em><br>
        !            58: set auth extacct-script <em>script</em></code></b><dd><p>Sets the script names for external authentication and accounting.</p>
        !            59: 
        !            60: <dt><b><code><br>set auth enable <em>option ...</em><br>
        !            61: set auth disable <em>option ...</em></code></b><dd>
        !            62: </dl>
        !            63: </p>
        !            64: 
        !            65: 
        !            66: <p>The options available are:</p>
        !            67: <p>
        !            68: <dl>
        !            69: 
        !            70: <dt><b><code>internal</code></b><dd><p>Enables authentication against the <code>mpd.secret</code> file.</p>
        !            71: <p>Default <code><b>enable</b></code>.</p>
        !            72: 
        !            73: <dt><b><code>radius-auth</code></b><dd><p>Enable authentication via RADIUS. For details see
        !            74: <A HREF="mpd30.html#radius">radius</A>.</p>
        !            75: <p>Default <code><b>disable</b></code>.</p>
        !            76: 
        !            77: <dt><b><code>radius-acct</code></b><dd><p>Enable per link accounting via RADIUS. For details see
        !            78: <A HREF="mpd30.html#radius">radius</A>.</p>
        !            79: <p>Default <code><b>disable</b></code>.</p>
        !            80: 
        !            81: <dt><b><code>ext-auth</code></b><dd><p>Enable authentication by calling an external script.
        !            82: This method is intended to be a full-featured alternative to 
        !            83: <code><b>radius-auth</b></code>. For details see
        !            84: <A HREF="mpd31.html#extauth">extauth</A>.</p>
        !            85: <p>Default <code><b>disable</b></code>.</p>
        !            86: 
        !            87: <dt><b><code>ext-acct</code></b><dd><p>Enable accounting by calling an external script.
        !            88: This method is intended to be a full-featured alternative to 
        !            89: <code><b>radius-acct</b></code>. For details see
        !            90: <A HREF="mpd31.html#extauth">extauth</A>.</p>
        !            91: <p>Default <code><b>disable</b></code>.</p>
        !            92: 
        !            93: <dt><b><code>pam-auth</code></b><dd><p>Enables authentication using the PAM service "mpd".
        !            94: This option can only be used with PAP.</p>
        !            95: <p>Default <code><b>disable</b></code>.</p>
        !            96: 
        !            97: <dt><b><code>pam-acct</code></b><dd><p>Enable accounting using the PAM service "mpd".</p>
        !            98: <p>Default <code><b>disable</b></code>.</p>
        !            99: 
        !           100: <dt><b><code>system-auth</code></b><dd><p>Enables authentication against the system password database.
        !           101: This option can only be used with PAP and MS-CHAP, but not 
        !           102: with CHAP-MD5. If you intend to use this with MS-CHAP, then 
        !           103: the passwords in <code>master.passwd</code> must be NT hashes.
        !           104: You can enable this by putting <code>:passwd_format=nth:</code> into 
        !           105: your <code>/etc/login.conf</code>, but you need at least FreeBSD 5.2.</p>
        !           106: <p>Default <code><b>disable</b></code>.</p>
        !           107: 
        !           108: <dt><b><code>system-acct</code></b><dd><p>Enable accounting via utmp/wtmp.</p>
        !           109: <p>Default <code><b>disable</b></code>.</p>
        !           110: 
        !           111: <dt><b><code>opie</code></b><dd><p>Enables authentication using OPIE.
        !           112: When using PAP there is nothing more to do. For all other 
        !           113: authentication protocols you have to put the username into 
        !           114: the <code>mpd.secret</code> file, but the specified password is 
        !           115: then interpreted as the secret pass phrase. This is needed because
        !           116: Mpd must know the plaintext password when using CHAP.
        !           117: The (Windows) end users can generate their actual responses 
        !           118: themselves using Winkey.<br>
        !           119: <b>IMPORTANT</b>: Disable the internal authentication when using 
        !           120: OPIE and CHAP, because otherwise users are also able to authenticate 
        !           121: with their secret pass phrase.</p>
        !           122: <p>Default <code><b>disable</b></code>.</p>
        !           123: 
        !           124: <dt><b><code>acct-mandatory</code></b><dd><p>Makes accounting start mandatory. If enabled, the connection 
        !           125: is dropped when accounting start fails.</p>
        !           126: <p>Default <code><b>enable</b></code>.</p>
        !           127: 
        !           128: </dl>
        !           129: </p>
        !           130: <H3>4.10.1. <A HREF="mpd30.html#30">RADIUS</A></H3>
        !           131: <H3>4.10.2. <A HREF="mpd31.html#31">External authentication</A></H3>
        !           132:  <HR NOSHADE>
        !           138: 
        !           139: 
        !           140: 
        !           141: </BODY>
        !           142: </HTML>
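
Added example (not part of the mpd manual or the mpd project's code): a small Python audit of one link's `set auth` commands that applies the option defaults listed in section 4.10 and flags the OPIE/internal caveat and an inline password. The function name `audit_auth`, the sample configuration and the assumption that all lines belong to a single link are constructed for illustration.

```python
import re

# Defaults as listed in the manual section above; all other options default to disable.
DEFAULT_ENABLED = {"internal", "acct-mandatory"}
KNOWN = {"internal", "radius-auth", "radius-acct", "ext-auth", "ext-acct",
         "pam-auth", "pam-acct", "system-auth", "system-acct", "opie",
         "acct-mandatory"}

def audit_auth(conf_text):
    """Return (effective enabled options, findings); conf_text is assumed to
    hold one link's commands in order. Line 0 marks a link-wide finding."""
    enabled = set(DEFAULT_ENABLED)
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#"):            # comment line
            continue
        m = re.match(r"set\s+auth\s+(\S+)\s*(.*)$", line)
        if not m:
            continue
        verb, args = m.group(1), m.group(2).split()
        if verb in ("enable", "disable"):
            for opt in args:
                if opt not in KNOWN:
                    findings.append((lineno, f"unknown auth option: {opt}"))
                elif verb == "enable":
                    enabled.add(opt)
                else:
                    enabled.discard(opt)
        elif verb == "password":
            # Never echo the value; only report that it is present.
            findings.append((lineno, "inline password replaces the mpd.secret lookup"))
    if "opie" in enabled and "internal" in enabled:
        findings.append((0, "opie and internal both enabled: with CHAP, users can "
                            "also authenticate with the secret pass phrase"))
    return enabled, findings

# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
# dial-in link
set auth authname dialin
set auth enable opie radius-acct
set auth max-logins 1 CI
"""
HARDENED = SAMPLE + "set auth disable internal\n"

if __name__ == "__main__":
    for name, conf in (("sample", SAMPLE), ("hardened", HARDENED)):
        print(name, audit_auth(conf))
```

The audit cannot tell whether the link actually negotiates CHAP, so the OPIE finding is a prompt to check the link's authentication protocol settings.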
