Re: Mail programs supporting Radius

Dale E. Reed Jr. ( (no email) )
Wed, 26 Feb 1997 23:14:16 -0800 (PST)

> > RadiusNT handles MD5 and a passwd file just fine. You can copy the
> > passwd file to the radius directory and use Password = "UNIX"
> > to have it check the password against the passwd file. It can
> > also handle MD5 in the database and users file, but Emerald
> > can't create the MD5 password.
>
> 2 things in response to these messages..
>
> 1. Cristian Gafton and the other Members of the Linux PAM project have
> developed a RADIUS authentication module for Linux. If you're not up on
> PAM, it stands for Plug-in Authentication Modules and is a Good Thing(tm).
> Basically, what it comes down to is that you can easily configure a Linux
> box to authenticate the users login / password pair from your RadiusNT
> database. Is that not killer for E-mail? :) Create an account with
> /dev/null as the Home Dir and /bin/false as the Shell and you have a
> Unix E-mail server. Problem solved..

Yes. The client code I have was round one of the above. That's
round two. I am not Linux savvy, but talked to others who knew
about the above. Color me badd, but I still prefer the integrated
solution. :)

> 2. MD5, DES, Shadow.. What can I do to migrate my existing UNIX password file
> over to my RadiusNT and MSQL server? I don't want to have to assign
> everyone new passwords, so can I just use the DES encrypted ones in my
> existing password file? I mean.. the prospect of calling / emailing 10,000
> users isn't a happy one.... Help...

See the top of this again. You can copy your CURRENT passwd or
spasswd file to the RadiusNT directory. If their Password is
"UNIX", then RadiusNT will look up their username and check the
password from the passwd file. You could throw up a web
interface and tell everyone to go change their password, or
slowly migrate. One thing we are thinking about adding is the
ability to reverse out passwords. This would allow you to log
users' passwords, and replace the "UNIX" with their actual
password they entered (after it validated to be the same).
That would make your migration much easier. :)

Dale
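
The migrate-on-login flow described in this message, as an added sketch that is not part of the original post and is not RadiusNT code: a user whose record is "UNIX" is checked against the passwd file, and on success the "UNIX" marker is replaced. Assumptions: the sketch stores a salted PBKDF2 hash rather than the entered password itself, all function names are hypothetical, and the sample passwd data is constructed with a salted SHA-1 stand-in where a real file would hold crypt(3) hashes.

```python
import hashlib
import hmac
import os

def legacy_hash(password, salt):
    # Stand-in for crypt(3) so the example runs anywhere (assumption).
    return salt + "$" + hashlib.sha1((salt + password).encode()).hexdigest()

# Constructed sample passwd file; bob's "*" marks a locked account.
PASSWD_FILE = (
    "alice:" + legacy_hash("wonderland", "ab") + ":1001:100::/dev/null:/bin/false\n"
    "bob:*:1002:100::/dev/null:/bin/false\n"
)

def parse_passwd(text):
    """Map username -> password field of a passwd-format file."""
    entries = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0] and not line.startswith("#"):
            entries[fields[0]] = fields[1]
    return entries

def legacy_verify(password, stored):
    salt = stored.partition("$")[0]
    # Locked or empty fields ("*", "!", "") never equal a computed hash.
    return hmac.compare_digest(legacy_hash(password, salt), stored)

def new_record(password, salt=None):
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return "pbkdf2$" + salt.hex() + "$" + digest.hex()

def new_verify(password, record):
    salt = bytes.fromhex(record.split("$")[1])
    return hmac.compare_digest(new_record(password, salt), record)

def authenticate(users, passwd, username, password):
    """users maps username -> "UNIX" or a migrated record; updated in place."""
    record = users.get(username)
    if record is None:
        return False
    if record != "UNIX":
        return new_verify(password, record)      # already migrated
    stored = passwd.get(username)
    if stored is None or not legacy_verify(password, stored):
        return False                             # leave "UNIX" untouched
    users[username] = new_record(password)       # migrate after validation
    return True
```

Once no record still reads "UNIX", the copied passwd file can be removed from the RADIUS directory.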