Editor's note:
The information in this node may be obsolete or otherwise inaccurate. This message will disappear once this node is revised.
radius {
  # Set radius configuration directory.
  directory dir;
  # Radius request for authorization.
  auth request;
  # Radius request for getpwnam.
  getpwnam request;
  # Radius request for getpwuid.
  getpwuid request;
}
The radius block statement configures RADIUS authentication and authorization.
Mailutils uses the GNU Radius library, which is configured via the raddb/client.conf file (see Client Configuration). Its exact location depends on the configuration settings that were used while compiling GNU Radius. Usually it is /usr/local/etc, or /etc. This default can also be changed at run time using the directory statement.
If authorization is used, the Radius dictionary file must declare the following attributes:
A dictionary file with appropriate definitions is included in the Mailutils distribution: examples/config/mailutils.dict. This file is not installed by default; you will have to manually copy it to the GNU Radius raddb/dict directory and include it in the main dictionary file raddb/dictionary by adding the following statement:
$INCLUDE dict/mailutils.dict
Requests to use for authentication and authorization are configured using three statements: auth, getpwnam and getpwuid. Each statement takes a single argument: a string, containing a comma-separated list of assignments. An assignment specifies a particular attribute-value pair (see RADIUS Attributes) to send to the server. The left-hand side of the assignment is a symbolic attribute name, as defined in one of the Radius dictionaries (see Dictionary of Attributes). The value is specified by the right-hand side of the assignment. For example:
"Service-Type = Authenticate-Only, NAS-Identifier = \"mail\""
An assignment may contain references to the following macro-variables (see macro-variables (Editor's note: dangling link)):
user
  The actual user name (for auth and getpwnam), or user ID (for getpwuid). For example:
  User-Name = ${user}
passwd
  User password. For example:
  User-Password = ${passwd}
The auth statement specifies the request to be sent to authenticate the user. For example:
auth "User-Name = ${user}, User-Password = ${passwd}";
The user is authenticated only if this request returns Access-Accept (see Access-Accept). Any returned attribute-value pairs are ignored.
The getpwnam statement specifies the request that returns user information for the given user name. For example:
getpwnam "User-Name = ${user}, State = getpwnam, "
         "Service-Type = Authenticate-Only";
If the requested user account exists, the Radius server must return an Access-Accept packet with the following attributes: GNU-MU-User-Name, GNU-MU-UID, GNU-MU-GID, GNU-MU-GECOS, GNU-MU-Dir, GNU-MU-Shell.
The attributes GNU-MU-Mailbox and GNU-MU-Quota are optional.
If GNU-MU-Mailbox is present, it must contain a valid mailbox URL (see urls (Editor's note: dangling link)). If GNU-MU-Mailbox is not present, Mailutils constructs the mailbox name using the settings from the mailbox configuration statement (see Mailbox Statement), or built-in defaults, if it is not present.
If GNU-MU-Quota is present, it specifies the maximum mailbox size for this user, in bytes. In the absence of this attribute, mailbox size is unlimited.
The getpwuid statement specifies the request that returns user information for the given user ID. In pairlist, the ‘user’ macro-variable is expanded to the numeric value of the ID. For example:
getpwuid "User-Name = ${user}, State = getpwuid, "
         "Service-Type = Authenticate-Only";
The reply to a getpwuid request is the same as to a getpwnam request (see above).
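The reply requirements for getpwnam and getpwuid described above can be checked against a Radius server's answer before pointing Mailutils at it. The following is an added example, not code from Mailutils or GNU Radius: it takes the reply code and the returned attribute-value pairs as a Python dict and reports what is missing or malformed. The function name, the sample replies and the integer checks on GNU-MU-UID, GNU-MU-GID and GNU-MU-Quota are assumptions of this example.

```python
# Added example, not Mailutils code. Attribute names are taken from the page;
# treating UID, GID and Quota as non-negative integers is an assumption.
REQUIRED = ("GNU-MU-User-Name", "GNU-MU-UID", "GNU-MU-GID",
            "GNU-MU-GECOS", "GNU-MU-Dir", "GNU-MU-Shell")
OPTIONAL = ("GNU-MU-Mailbox", "GNU-MU-Quota")
NUMERIC = ("GNU-MU-UID", "GNU-MU-GID", "GNU-MU-Quota")


def check_account_reply(code, attrs):
    """Return (record, problems) for a getpwnam/getpwuid reply.

    record is None unless the reply is an Access-Accept that carries every
    required attribute with well-formed values.
    """
    if code != "Access-Accept":
        return None, ["reply is %s, not Access-Accept" % code]
    problems = ["missing required attribute " + name
                for name in REQUIRED if name not in attrs]
    record = {}
    for name in REQUIRED + OPTIONAL:
        if name not in attrs:
            continue
        value = attrs[name]
        if name in NUMERIC:
            text = str(value)
            if not (text.isascii() and text.isdigit()):
                problems.append("%s is not a non-negative integer: %r"
                                % (name, value))
                continue
            value = int(text)
        elif name == "GNU-MU-Mailbox" and not str(value).strip():
            problems.append("GNU-MU-Mailbox is present but empty")
            continue
        record[name] = value
    # Per the page: without GNU-MU-Quota the mailbox size is unlimited.
    record.setdefault("GNU-MU-Quota", None)
    return (record if not problems else None), problems


# Constructed sample replies (not captured from a real server).
GOOD = {"GNU-MU-User-Name": "alice", "GNU-MU-UID": 1001, "GNU-MU-GID": 100,
        "GNU-MU-GECOS": "Alice Example", "GNU-MU-Dir": "/home/alice",
        "GNU-MU-Shell": "/bin/false", "GNU-MU-Quota": "10485760"}
BAD = {"GNU-MU-User-Name": "bob", "GNU-MU-UID": "-1", "GNU-MU-GID": 100}

if __name__ == "__main__":
    for reply in (GOOD, BAD):
        print(check_account_reply("Access-Accept", reply))
```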