<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>External authentication</TITLE>
</HEAD>
<BODY text="#000000" bgcolor="#ffffff">
<A HREF="mpd.html"><EM>Mpd 5.9 User Manual</EM></A>
<b>:</b> <A HREF="mpd17.html"><EM>Configuring Mpd</EM></A>
<b>:</b> <A HREF="mpd29.html"><EM>Authentication, Authorization and Accounting (AAA)</EM></A>
<b>:</b> <EM>External authentication</EM><BR>
<b>Previous:</b> <A HREF="mpd30.html"><EM>RADIUS</EM></A><BR>
<b>Next:</b> <A HREF="mpd32.html"><EM>Dynamic Authorization</EM></A>
<HR NOSHADE>
<H2><A NAME="31"></A>4.10.2. External authentication<A NAME="extauth"></A></H2>
<p>Mpd supports authentication and accounting by calling external scripts.
Pathes to that scripts must be specified using <code><b>set auth extauth-script ...</b></code>
and <code><b>set auth extacct-script ...</b></code> commands.</p>
<p>On invocation extauth/extacct scripts receive on stdin set of request
attribute:value pairs terminated by empty line and must generate
response in same format on stdout.</p>
<p>Supported attributes:
<pre>
Name Access Accounting
Req Resp Req Resp
USER_NAME + + + -
AUTH_TYPE + - - -
USER_PASSWORD + + - -
USER_NT_HASH - + - -
USER_LM_HASH - + - -
LINK + - + -
NAS_PORT + - + -
NAS_PORT_TYPE + - + -
CALLING_STATION_ID + - + -
CALLED_STATION_ID + - + -
SELF_NAME + - + -
PEER_NAME + - + -
SELF_ADDR + - + -
PEER_ADDR + - + -
PEER_PORT + - + -
PEER_MAC_ADDR + - + -
PEER_IFACE + - + -
PEER_IDENT + - + -
RESULT - + - -
FRAMED_IP_ADDRESS - + + -
PRIMARY_DNS_SERVER - + - -
SECONDARY_DNS_SERVER - + - -
PRIMARY_NBNS_SERVER - + - -
SECONDARY_NBNS_SERVER - + - -
FRAMED_ROUTE - + - -
FRAMED_IPV6_ROUTE - + - -
FRAMED_MTU - + - -
FRAMED_COMPRESSION - + - -
FRAMED_POOL - + - -
SESSION_TIMEOUT - + - -
IDLE_TIMEOUT - + - -
ACCT_INTERIM_INTERVAL - + - -
ACCT_INTERIM_LIM_RECV - + - -
ACCT_INTERIM_LIM_XMIT - + - -
REPLY_MESSAGE - + - -
MS_CHAP_ERROR - + - -
IFACE - - + -
IFACE_INDEX - - + -
BUNDLE - - + -
ACCT_STATUS_TYPE - - + -
ACCT_SESSION_ID + - + -
ACCT_MULTI_SESSION_ID - - + -
ACCT_LINK_COUNT - - + -
ACCT_TERMINATE_CAUSE - - + -
ACCT_SESSION_TIME - - + -
ACCT_INPUT_OCTETS - - + -
ACCT_INPUT_PACKETS - - + -
ACCT_OUTPUT_OCTETS - - + -
ACCT_OUTPUT_PACKETS - - + -
MPD_RULE - + - -
MPD_PIPE - + - -
MPD_QUEUE - + - -
MPD_TABLE - + - -
MPD_TABLE_STATIC - + - -
MPD_FILTER - + - -
MPD_LIMIT - + - -
MPD_INPUT_OCTETS - - + -
MPD_INPUT_PACKETS - - + -
MPD_OUTPUT_OCTETS - - + -
MPD_OUTPUT_PACKETS - - + -
MPD_ACTION - + - -
MPD_DROP_USER - - - +
MPD_IFACE_NAME - + - -
MPD_IFACE_DESCR - + - -
MPD_IFACE_GROUP - + - -
</pre>
</p>
<p>Attribute USER_PASSWORD provided in Access-Request only for PAP auth.
Attributes USER_NT_HASH and USER_LM_HASH in Access-Reply used for
MS-CHAP auth only.</p>
<p>In reply script may specify any combination of attributes it needs.
The only mandatory attribute in Access-Response is RESULT. RESULT must
be one of SUCCESS, UNDEF or FAIL. RESULT UNDEF means that mpd should
authenticate user itself using USER_PASSWORD/USER_NT_HASH attribute
supplied by script.</p>
<p>For description of most attributes look their RADIUS alternatives.</p>
<HR NOSHADE>
<A HREF="mpd.html"><EM>Mpd 5.9 User Manual</EM></A>
<b>:</b> <A HREF="mpd17.html"><EM>Configuring Mpd</EM></A>
<b>:</b> <A HREF="mpd29.html"><EM>Authentication, Authorization and Accounting (AAA)</EM></A>
<b>:</b> <EM>External authentication</EM><BR>
<b>Previous:</b> <A HREF="mpd30.html"><EM>RADIUS</EM></A><BR>
<b>Next:</b> <A HREF="mpd32.html"><EM>Dynamic Authorization</EM></A>
</BODY>
</HTML>
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>