[BACK]Return to mpd31.html CVS log [TXT] [DIR] Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / mpd / doc
File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / mpd / doc / mpd31.html
Revision 1.1.1.2 (vendor branch): download - view: text, annotated - select for diffs - revision graph
Mon Jul 22 08:44:30 2013 UTC (10 years, 11 months ago) by misho
Branches: mpd, MAIN
CVS tags: v5_7p0, v5_7, HEAD
5.7

    1: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
    2: <HTML>
    3: <HEAD>
    4: <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
    5: <TITLE>External authentication</TITLE>
    6: </HEAD>
    7: <BODY text="#000000" bgcolor="#ffffff">
    8: 
    9: <A HREF="mpd.html"><EM>Mpd 5.7 User Manual</EM></A>
   10:  <b>:</b> <A HREF="mpd17.html"><EM>Configuring Mpd</EM></A>
   11:  <b>:</b> <A HREF="mpd29.html"><EM>Authentication, Authorization and Accounting (AAA)</EM></A>
   12:  <b>:</b> <EM>External authentication</EM><BR>
   13: <b>Previous:</b> <A HREF="mpd30.html"><EM>RADIUS</EM></A><BR>
   14: <b>Next:</b> <A HREF="mpd32.html"><EM>Dynamic Authorization</EM></A>
   15: 
   16: 
   17: <HR NOSHADE>
   18:   <H2><A NAME="31"></A>4.10.2. External authentication<A NAME="extauth"></A></H2>
   19: <p>Mpd supports authentication and accounting by calling external scripts. 
   20: Pathes to that scripts must be specified using <code><b>set auth extauth-script ...</b></code>
   21: and <code><b>set auth extacct-script ...</b></code> commands.</p>
   22: <p>On invocation extauth/extacct scripts receive on stdin set of request 
   23: attribute:value pairs terminated by empty line and must generate
   24: response in same format on stdout.</p>
   25: <p>Supported attributes:
   26: <pre>
   27: Name                       	   Access	 Accounting
   28: 	                	Req	Resp	Req	Resp
   29: USER_NAME			+	+	+	-
   30: AUTH_TYPE			+	-	-	-
   31: USER_PASSWORD			+	+	-	-
   32: USER_NT_HASH			-	+	-	-
   33: USER_LM_HASH			-	+	-	-
   34: LINK				+	-	+	-
   35: NAS_PORT			+	-	+	-
   36: NAS_PORT_TYPE			+	-	+	-
   37: CALLING_STATION_ID		+	-	+	-
   38: CALLED_STATION_ID		+	-	+	-
   39: SELF_NAME			+	-	+	-
   40: PEER_NAME			+	-	+	-
   41: SELF_ADDR			+	-	+	-
   42: PEER_ADDR			+	-	+	-
   43: PEER_PORT			+	-	+	-
   44: PEER_MAC_ADDR			+	-	+	-
   45: PEER_IFACE			+	-	+	-
   46: PEER_IDENT			+	-	+	-
   47: RESULT				-	+	-	-
   48: FRAMED_IP_ADDRESS		-	+	+	-
   49: PRIMARY_DNS_SERVER		-	+	-	-
   50: SECONDARY_DNS_SERVER		-	+	-	-
   51: PRIMARY_NBNS_SERVER		-	+	-	-
   52: SECONDARY_NBNS_SERVER		-	+	-	-
   53: FRAMED_ROUTE			-	+	-	-
   54: FRAMED_IPV6_ROUTE		-	+	-	-
   55: FRAMED_MTU			-	+	-	-
   56: FRAMED_COMPRESSION		-	+	-	-
   57: FRAMED_POOL			-	+	-	-
   58: SESSION_TIMEOUT			-	+	-	-
   59: IDLE_TIMEOUT			-	+	-	-
   60: ACCT_INTERIM_INTERVAL		-	+	-	-
   61: ACCT_INTERIM_LIM_RECV		-	+	-	-
   62: ACCT_INTERIM_LIM_XMIT		-	+	-	-
   63: REPLY_MESSAGE			-	+	-	-
   64: MS_CHAP_ERROR			-	+	-	-
   65: IFACE				-	-	+	-
   66: IFACE_INDEX			-	-	+	-
   67: BUNDLE				-	-	+	-
   68: ACCT_STATUS_TYPE		-	-	+	-
   69: ACCT_SESSION_ID			+	-	+	-
   70: ACCT_MULTI_SESSION_ID		-	-	+	-
   71: ACCT_LINK_COUNT			-	-	+	-
   72: ACCT_TERMINATE_CAUSE		-	-	+	-
   73: ACCT_SESSION_TIME		-	-	+	-
   74: ACCT_INPUT_OCTETS		-	-	+	-
   75: ACCT_INPUT_PACKETS		-	-	+	-
   76: ACCT_OUTPUT_OCTETS		-	-	+	-
   77: ACCT_OUTPUT_PACKETS		-	-	+	-
   78: MPD_RULE			-	+	-	-
   79: MPD_PIPE			-	+	-	-
   80: MPD_QUEUE			-	+	-	-
   81: MPD_TABLE			-	+	-	-
   82: MPD_TABLE_STATIC		-	+	-	-
   83: MPD_FILTER			-	+	-	-
   84: MPD_LIMIT			-	+	-	-
   85: MPD_INPUT_OCTETS		-	-	+	-
   86: MPD_INPUT_PACKETS		-	-	+	-
   87: MPD_OUTPUT_OCTETS		-	-	+	-
   88: MPD_OUTPUT_PACKETS		-	-	+	-
   89: MPD_ACTION			-	+	-	-
   90: MPD_DROP_USER			-	-	-	+
   91: MPD_IFACE_NAME			-	+	-	-
   92: MPD_IFACE_DESCR			-	+	-	-
   93: MPD_IFACE_GROUP			-	+	-	-
   94: </pre>
   95: </p>
   96: <p>Attribute USER_PASSWORD provided in Access-Request only for PAP auth.
   97: Attributes USER_NT_HASH and USER_LM_HASH in Access-Reply used for
   98: MS-CHAP auth only.</p>
   99: <p>In reply script may specify any combination of attributes it needs. 
  100: The only mandatory attribute in Access-Response is RESULT. RESULT must
  101: be one of SUCCESS, UNDEF or FAIL. RESULT UNDEF means that mpd should
  102: authenticate user itself using USER_PASSWORD/USER_NT_HASH attribute
  103: supplied by script.</p>
  104: <p>For description of most attributes look their RADIUS alternatives.</p>
  105: 
  106:  <HR NOSHADE>
  107: <A HREF="mpd.html"><EM>Mpd 5.7 User Manual</EM></A>
  108:  <b>:</b> <A HREF="mpd17.html"><EM>Configuring Mpd</EM></A>
  109:  <b>:</b> <A HREF="mpd29.html"><EM>Authentication, Authorization and Accounting (AAA)</EM></A>
  110:  <b>:</b> <EM>External authentication</EM><BR>
  111: <b>Previous:</b> <A HREF="mpd30.html"><EM>RADIUS</EM></A><BR>
  112: <b>Next:</b> <A HREF="mpd32.html"><EM>Dynamic Authorization</EM></A>
  113: 
  114: 
  115: 
  116: </BODY>
  117: </HTML>
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>