radpwtst man page on BSDi

Man page or keyword search:  
man Server   6284 pages
apropos Keyword Search (all sections)
Output format
BSDi logo
[printable version]



RADPWTST(8)					      RADPWTST(8)

NAME
       radpwtst	 - authenticates a user's password using a RADIUS
       server

SYNOPSIS
       radpwtst [ -ccode ] [ -ddirectory ] [ -ffile ] [ -ggroup ]
	    [  -h ] [ -iclient_IP_address ] [ -lasync_port ] [ -n
       ]
	    [ -pUDP_port ] [ -rretries ] [ -sservername ]
	    [ -ttimeout ] [ -utype ] [ -v[ 1 | 2] ]
	    [ -wpassword ] [ -x ] [ -:<attribute>=<value> ]
	    userid [@realm ]

DESCRIPTION
       Radpwtst authenticates a user using a RADIUS server.   The
       userid  is required on the command line.	 Radpwtst prompts
       for the password matching this  userid  and  forwards  the
       userid/password	tuple  to  a  RADIUS  server.	When  the
       optional @realm is present, it indicates the user  belongs
       in  some	 authentication	 realm.	 These realms are usually
       listed in the first column of the RADIUS server's authfile
       which  is assumed (by default) to be located in either the
       ../raddb or the /usr/private/etc/raddb  directories.   See
       authfile(5)  for	 more  information.   When  the	 optional
       @realm is omitted, the userid is sought in the users file,
       only.   An  exact  match is required and if that fails the
       DEFAULT entry ends up describing how to authenticate  this
       user.  See users(5) for more information.

       If authentication succeeds, radpwtst displays "authentica-
       tion OK" on standard  output.   Otherwise,  radpwtst  dis-
       plays:

	    "userid" authentication failed.

OPTIONS
       -c code
	      allows  the  user	 to specify several RADIUS packet
	      type codes from the following list: 1 (for  Access-
	      Request),	 4 (for Accounting-Request), 7 (for Pass-
	      word-Request) and 12 (for Status-Server).

       -d directory
	      allows the user to specify an  alternate	directory
	      name  containing	the  RADIUS authfile, clients and
	      users files instead of  the  default  ../raddb  and
	      /usr/private/etc/raddb   directories.    If  no  -d
	      directory argument is given, RADIUS will look first
	      for a directory ../raddb and, if none is found, use
	      /usr/private/etc/raddb.  An error will be displayed
	      on  stdout  if  neither  directory  can  be used to
	      locate  the  various  RADIUS  configuration  files.
	      Care  should  be	taken  to  ensure the contents of
	      these configuration files match those of the RADIUS

			 18 November 1996			1

RADPWTST(8)					      RADPWTST(8)

	      server  if  the  server  is  running on a different
	      machine than the one where radpwtst is being run.

       -f file
	      allows the user to specify a "prefix" for a file in
	      the  users file format (see the users(5) man page).
	      The name of  this	 users	file  is  assumed  to  be
	      <file>.users  and found in the RADIUS configuration
	      file  directory.	 This  file  contains	arbitrary
	      check-items  and reply-items (see users(5) for more
	      information) grouped into pseudo-users having names
	      which  may be specified by the following -g option.
	      If no -g option is given, the DEFAULT entry (if one
	      is  present)  will be used.  In this way, arbitrary
	      attribute-value pairs may be communicated to remote
	      RADIUS servers.

       -g group
	      allows  the  user	 to specify an arbitrary "pseudo-
	      user" named group in  the	 file  specified  by  the
	      above  -f	 option.   This	 file  contains arbitrary
	      check-items and reply-items (see users(5) for  more
	      information)  grouped  by	 these pseudo-user names.
	      If no -g option is given, the DEFAULT entry (if one
	      is  present)  will be used.  In this way, arbitrary
	      attribute-value pairs may be communicated to remote
	      RADIUS servers.

       -h     causes  a	 usage	(help)	message to be placed onto
	      stdout.

       -i clientIPaddress
	      allows the user to specify a  different  client  IP
	      address  instead	of  the	 using	as default the IP
	      address of the originating machine.

       -l async_port
	      allows the user to specify an alternate asynch port
	      number instead of the default async port 1.

       -n     allows  the  user	 to force the Authentication-Only
	      value to be used in the attribute-value  pair  Ser-
	      vice-Type.

       -p UDPport
	      allows  the  user	 to specify an alternate UDP port
	      number instead of the default UDP port number 1645.

       -r retries
	      allows  the  user	 to  specify  a maximum number of
	      retries instead of the default ten.

       -s servername
	      allows the user  to  specify  an	alternate  server

			 18 November 1996			2

RADPWTST(8)					      RADPWTST(8)

	      instead of the default homeless.merit.edu.

       -t timeout
	      allows  the  user	 to  specify an alternate timeout
	      value (in seconds) instead of the default three.

       -u type
	      allows the user to specify one of several	 Service-
	      Type  values  instead  of	 the  default auth value.
	      Note, that the default auth value will fail  if  no
	      password	(or an empty password) is included in the
	      Access-Request (default or -c1)  produced	 by  rad-
	      pwtst.   This is because the RADIUS server requires
	      a valid (non-empty) password be provided in Access-
	      Request packets where the Service-Type is Authenti-
	      cate-Only.  Valid types  are:  admin,  auth,  dumb,
	      exec,  kchap, outbound, ppp, slip, dbadmin, dbdumb,
	      dbpppand dbslip, where db stands for "dial back" in
	      the last four types.

       -v     prints the version of RADIUS used to build the pro-
	      gram.  If the option is given as	-v1  or	 -v2  the
	      program  will  build  the	 request according to the
	      RADIUS protocol version one or two, respectively.

       -w password
	      allows the user to provide a password on	the  com-
	      mand line and not be prompted for one.

       -x     allows the user to turn on debugging output.

       -:<attribute>=<value>
	      the  text that follows the colon (":") character is
	      taken to specify the value of any attribute in  the
	      dictionary.   The syntax is identical to the reply-
	      items described in users(5).

EXIT STATUS
       Normal successful completion returns zero to  the  system.
       If  the	response  from the RADIUS server had errors, rad-
       pwtst returns -2.  Local errors	return	-1,  and  timeout
       errors return 1 as status.

FILES
       ../raddb		   the	directory  containing  the RADIUS
			   configuration and database files.
       /usr/private/etc/raddb
			   an alternate directory containing  the
			   same files.

SEE ALSO
       radcheck(8),  radiusd(8), authfile(5), clients(5), dictio-
       nary(5), users(5)

			 18 November 1996			3

[top]

List of man pages available for BSDi

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net