1rlm_unix(5)                    FreeRADIUS Module                   rlm_unix(5)
2
3
4

NAME

6       rlm_unix - FreeRADIUS Module
7

DESCRIPTION

9       The  rlm_unix module allows authentication against the system password,
10       shadow, and group files.  It also provides FreeRADIUS an interface into
11       a  radwtmp  file  (used by "radlast") when added to the accounting sec‐
12       tion.
13
14       The rlm_unix module provides the functionality for  "Auth-Type  =  Sys‐
15       tem",  rather  than  "Auth-Type = Unix".  The "System" name is used for
16       historical reasons.
17
18       The main configuration items to be aware of are:
19
20       cache  This is a 'yes' or 'no' option.  If set to yes, FreeRADIUS  will
21              read  the system files into memory, rather than perform a system
22              call to lookup the information.  On *BSD systems, you should set
23              this  value  to  no.  On other systems, if you have a very large
24              passwd and shadow files, you can try setting this to yes,  which
25              may increase the servers performance.  The default is no.
26
27       cache_reload
28              This  is  the  number  of seconds to wait between refreshing the
29              cached files from the system.   It  has  no  effect  unless  you
30              enable caching.
31
32       passwd The  path  to  the system passwd file.  Usually /etc/passwd.  If
33              commented out, or not set, the server will retrieve the informa‐
34              tion via systemcalls.
35
36       shadow The  path to the system shadow file.  Usually /etc/shadow.  This
37              is not set by default.
38
39       group  The path to the system group file.  Usually /etc/group.  This is
40              not set by default.
41
42       radwtmp
43              The  path  to  the  system  wtmp file to be used for keeping the
44              database of online users as read by the 'radlast' program.
45
46       usegroup
47              This is a 'yes' or 'no' option.  If set to 'yes' this allows the
48              Group attribute to be used as a check item.  Default is 'no'.
49

CONFIGURATION

51       modules {
52         ...
53         unix {
54           cache = no
55           cache_reload = 600
56           #passwd = /etc/passwd
57           #shadow = /etc/shadow
58           #group = /etc/group
59           usegroup = no
60           radwtmp = ${logdir}/radwtmp
61         }
62         ...
63       }
64

SECTIONS

66       authentication, accounting
67

FILES

69       /etc/raddb/radiusd.conf,
70

SEE ALSO

72       radiusd(8), radiusd.conf(5), radlast(1)
73

AUTHORS

75       Chris Parker, cparker@segv.org
76
77
78
79                                5 February 2004                    rlm_unix(5)