RADIUS and mgetty

Frank D. Cringle (fdc@cliwe.ping.de)
05 Aug 1999 1911:48:28 +0200


"Robert W. Canary" <rwcanary@ohiocounty.net> writes:
> Yes and No.  My question comes from the experience of portslave which
> is a dialin getty like mgetty.  Except mgetty (I think) is geared
> more for the in-general-single-machine use.  (single machine in the
> way it authenticates).  While being able to accept or reject calls
> based on the incoming phone number, mgetty has some of the capabilities
> of portslave.  However a central machine for authentication is an
> absolute must for dialin networks.  I love using mgetty; I think it
> is great.  I use it on my dialin lines now.  However, I need to
> extend my ability to authenticate from outside my network.  That is
> why I need a RADIUS server.  However, I sure wish there was a way to
> use mgetty with it.

The usual case is that authentication and accounting are done by the
program that mgetty starts, after it has accepted the call.  For
instance, if the caller wants to talk PPP, mgetty hands the line over
to pppd and it is pppd that needs to talk to your radius server.
Similarly for /bin/login if the caller wants a shell-prompt.  There is
no need for mgetty to get involved in this.  Indeed, in the case of
PPP, it doesn't make sense.

The case of authenticating on the phone number is interesting.  We
have a terminal server[*] that can send radius queries based on
calling number and called extension, before it even picks up the call.
The answers influence whether the call is picked up and if so what
services are offered.  It seems to me that that should be done by an
external program called by mgetty, rather than built in.  If this
program gives a positive response (pick up the call), it should also
be able to tell mgetty how to handle the call - e.g., start pppd with
a particular set of options.

[*] An ITK NetBlazer, not running mgetty.

-- 
Frank Cringle,      fdc@cliwe.ping.de
voice: (+49 2304) 467101; fax: 943357
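
Added example, not part of the original message and not mgetty code: a sketch of the RADIUS exchange an external pre-answer helper of the kind proposed above could perform, using the Call Check Service-Type from RFC 2865. The function names, the NAS identifier and the choice of sending the calling number as User-Password are assumptions for illustration; the reply check fails closed on anything but an authentic Access-Accept.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, USER_PASSWORD, SERVICE_TYPE = 1, 2, 6
CALLED_STATION_ID, CALLING_STATION_ID, NAS_IDENTIFIER = 30, 31, 32
CALL_CHECK = 10  # Service-Type "Call Check", RFC 2865 section 5.6

def attr(atype, value):
    """Encode one attribute as type, length, value."""
    return struct.pack("!BB", atype, len(value) + 2) + value

def hide_password(password, secret, authenticator):
    """User-Password hiding, RFC 2865 section 5.2 (chained MD5 keystream XOR)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_call_check(ident, calling, called, secret, nas_id, authenticator=None):
    """Access-Request asking whether a still-ringing call should be answered."""
    authenticator = authenticator or os.urandom(16)
    attrs = (attr(USER_NAME, calling)  # RFC 2865 recommends the calling number here
             # Assumption: server is configured to accept the number as password.
             + attr(USER_PASSWORD, hide_password(calling, secret, authenticator))
             + attr(SERVICE_TYPE, struct.pack("!I", CALL_CHECK))
             + attr(CALLED_STATION_ID, called)
             + attr(CALLING_STATION_ID, calling)
             + attr(NAS_IDENTIFIER, nas_id))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs, authenticator

def decide(reply, ident, request_auth, secret):
    """True (pick up the call) only for an authentic Access-Accept."""
    if len(reply) < 20:
        return False
    code, rid, length = struct.unpack("!BBH", reply[:4])
    if rid != ident or length < 20 or length > len(reply):
        return False
    reply = reply[:length]
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        return False  # forged or corrupted reply: do not answer
    return code == ACCESS_ACCEPT
```

The helper would send the packet over UDP to the RADIUS server and pass the datagram it receives to `decide()`; attributes in an accepted reply could then select how the call is handled.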