Annotation of embedaddon/mpd/doc/mpd31.html, revision 1.1.1.1
1.1 misho 1: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
2: <HTML>
3: <HEAD>
4: <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
5: <TITLE>External authentication</TITLE>
6: </HEAD>
7: <BODY text="#000000" bgcolor="#ffffff">
8:
9: <A HREF="mpd.html"><EM>Mpd 5.6 User Manual</EM></A>
10: <b>:</b> <A HREF="mpd17.html"><EM>Configuring Mpd</EM></A>
11: <b>:</b> <A HREF="mpd29.html"><EM>Authentication, Authorization and Accounting (AAA)</EM></A>
12: <b>:</b> <EM>External authentication</EM><BR>
13: <b>Previous:</b> <A HREF="mpd30.html"><EM>RADIUS</EM></A><BR>
14: <b>Next:</b> <A HREF="mpd32.html"><EM>Dynamic Authorization</EM></A>
15:
16:
17: <HR NOSHADE>
18: <H2><A NAME="31"></A>4.10.2. External authentication<A NAME="extauth"></A></H2>
19: <p>Mpd supports authentication and accounting by calling external scripts.
20: Pathes to that scripts must be specified using <code><b>set auth extauth-script ...</b></code>
21: and <code><b>set auth extacct-script ...</b></code> commands.</p>
22: <p>On invocation extauth/extacct scripts receive on stdin set of request
23: attribute:value pairs terminated by empty line and must generate
24: response in same format on stdout.</p>
25: <p>Supported attributes:
26: <pre>
27: Name Access Accounting
28: Req Resp Req Resp
29: USER_NAME + + + -
30: AUTH_TYPE + - - -
31: USER_PASSWORD + + - -
32: USER_NT_HASH - + - -
33: USER_LM_HASH - + - -
34: LINK + - + -
35: NAS_PORT + - + -
36: NAS_PORT_TYPE + - + -
37: CALLING_STATION_ID + - + -
38: CALLED_STATION_ID + - + -
39: SELF_NAME + - + -
40: PEER_NAME + - + -
41: SELF_ADDR + - + -
42: PEER_ADDR + - + -
43: PEER_PORT + - + -
44: PEER_MAC_ADDR + - + -
45: PEER_IFACE + - + -
46: PEER_IDENT + - + -
47: RESULT - + - -
48: FRAMED_IP_ADDRESS - + + -
49: PRIMARY_DNS_SERVER - + - -
50: SECONDARY_DNS_SERVER - + - -
51: PRIMARY_NBNS_SERVER - + - -
52: SECONDARY_NBNS_SERVER - + - -
53: FRAMED_ROUTE - + - -
54: FRAMED_IPV6_ROUTE - + - -
55: FRAMED_MTU - + - -
56: FRAMED_COMPRESSION - + - -
57: FRAMED_POOL - + - -
58: SESSION_TIMEOUT - + - -
59: IDLE_TIMEOUT - + - -
60: ACCT_INTERIM_INTERVAL - + - -
61: ACCT_INTERIM_LIM_RECV - + - -
62: ACCT_INTERIM_LIM_XMIT - + - -
63: REPLY_MESSAGE - + - -
64: MS_CHAP_ERROR - + - -
65: IFACE - - + -
66: IFACE_INDEX - - + -
67: BUNDLE - - + -
68: ACCT_STATUS_TYPE - - + -
69: ACCT_SESSION_ID + - + -
70: ACCT_MULTI_SESSION_ID - - + -
71: ACCT_LINK_COUNT - - + -
72: ACCT_TERMINATE_CAUSE - - + -
73: ACCT_SESSION_TIME - - + -
74: ACCT_INPUT_OCTETS - - + -
75: ACCT_INPUT_PACKETS - - + -
76: ACCT_OUTPUT_OCTETS - - + -
77: ACCT_OUTPUT_PACKETS - - + -
78: MPD_RULE - + - -
79: MPD_PIPE - + - -
80: MPD_QUEUE - + - -
81: MPD_TABLE - + - -
82: MPD_TABLE_STATIC - + - -
83: MPD_FILTER - + - -
84: MPD_LIMIT - + - -
85: MPD_INPUT_OCTETS - - + -
86: MPD_INPUT_PACKETS - - + -
87: MPD_OUTPUT_OCTETS - - + -
88: MPD_OUTPUT_PACKETS - - + -
89: MPD_ACTION - + - -
90: MPD_DROP_USER - - - +
91: MPD_IFACE_NAME - + - -
92: MPD_IFACE_DESCR - + - -
93: MPD_IFACE_GROUP - + - -
94: </pre>
95: </p>
96: <p>Attribute USER_PASSWORD provided in Access-Request only for PAP auth.
97: Attributes USER_NT_HASH and USER_LM_HASH in Access-Reply used for
98: MS-CHAP auth only.</p>
99: <p>In reply script may specify any combination of attributes it needs.
100: The only mandatory attribute in Access-Response is RESULT. RESULT must
101: be one of SUCCESS, UNDEF or FAIL. RESULT UNDEF means that mpd should
102: authenticate user itself using USER_PASSWORD/USER_NT_HASH attribute
103: supplied by script.</p>
104: <p>For description of most attributes look their RADIUS alternatives.</p>
105:
106: <HR NOSHADE>
107: <A HREF="mpd.html"><EM>Mpd 5.6 User Manual</EM></A>
108: <b>:</b> <A HREF="mpd17.html"><EM>Configuring Mpd</EM></A>
109: <b>:</b> <A HREF="mpd29.html"><EM>Authentication, Authorization and Accounting (AAA)</EM></A>
110: <b>:</b> <EM>External authentication</EM><BR>
111: <b>Previous:</b> <A HREF="mpd30.html"><EM>RADIUS</EM></A><BR>
112: <b>Next:</b> <A HREF="mpd32.html"><EM>Dynamic Authorization</EM></A>
113:
114:
115:
116: </BODY>
117: </HTML>
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>