Re: Mail programs supporting Radius

RHS Linux User ( damin@auth.acclink.com )
Thu, 27 Feb 1997 01:17:06 -0500 (EST)

On Thu, 6 Feb 1997, Dale E. Reed Jr. wrote:

> Brian Wang wrote:
> >
> > I believe we share the same problem in a NT/Unix mixed environment
> > , since we'll be moving from UNIX Radius to Emerald+NTRadius real soon
> > now. I did manage to patch qpopper 2.2 to authenticate via radius last
> > week, however, I'm still stuck with usernames in passwd file. Unless I can
> > make sendmail8.8.5 to do some sort of external username db lookup, and
> > saving incoming non-unix-user mails... Any clues? Oh BTW, what's a good
> > way to move Unix DES encrypted passwd over to Emerald/NTRadius?
>
> I would definately be interested in the popper hack. We have done
> some of that here on unixware and linux as well. The sendmail hack
> doesn't seem as difficult, since you have qpopper working. One of the
> things we are thinking about doing it enhancing the response
> to include things like home dir, etc for non-standard auth reqs. This
> could also include mail information (like forwards, etc) from the
> sendmail
> hack. We are about to finihh the database format for extended SMTP
> support
> which included multi-mailbox and forwarding. We have an SMTP vendor to
> integrate, and will be working on more.
>
> RadiusNT handles MD5 and a passwd file just fine. You can copy the
> passwd file to the radius directory and use Password = "UNIX"
> to have to check the password against the passwd file. It can
> also handle MD5 in the database and users file, but it Emerald
> can't create the MD5 password.

2 things in response to these messages..

1. Cristian Gafton and the other Members of the Linux PAM project have
developed a RADIUS authentication module for Linux. If your not up on
PAM, it stands for Plug-in Authentication Modules and is a Good Thing(tm).
Basically, what it comes down to is that you can easily configure a Linux
box to authenticate the users login / password pair from your RadiusNT
database. Is that not killer for E-mail? :) Create an account with
/dev/null as the Home Dir and /bin/false as the Shell and you have a
Unix E-mail server. Problem solved..

2. MD5, DES, Shadow.. What can I do to migrate my existing UNIX password file
over to my RadiusNT and MSQL server? I don't want to have to assign
everyone new passwords, so can I just use the DES encrypted ones in my
existing password file? I mean.. the prospect of calling / emailing 10,000
users isn't a happy one.... Help...