Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

libauth(3) [suse man page]

libauth(3)						    InterNetNews Documentation							libauth(3)

NAME

       libauth - routines for writing nnrpd resolvers and authenticators

SYNOPSIS

	   #include "libauth.h"

	   struct res_info {
	       struct sockaddr *client;
	       struct sockaddr *local;
	       char *clienthostname;
	   };

	   struct auth_info {
	       char *username;
	       char *password;
	   };

	   struct auth_info *get_auth_info(FILE *);
	   struct res_info  *get_res_info (FILE *);

	   void free_auth_info(struct auth_info*);
	   void free_res_info (struct res_info*);

DESCRIPTION

       These functions provide a convenient C frontend to the nnrpd external authentication interface documented in doc/external-auth.	Use of
       this library is not required; in particular, external resolvers and authenticators written in languages other than C will need to implement
       the necessary functionality themselves.

       The get_auth_info() and get_res_info() functions allocate sufficient memory for a struct auth_info or struct res_info and any necessary
       fields, and return a pointer to the struct with the fields filled in from information supplied by nnrpd (the FILE* parameter generally
       should be "stdin").  Both functions return NULL on error.  The caller is responsible for deallocating the memory by using the functions
       below.

       The string fields of both structs are straightforward.  The client and local fields of struct res_info actually point to instances of
       struct sockaddr_in (or struct sockaddr_in6 if IPv6 support is compiled in).

       The free_auth_info() and free_res_info() functions free the struct passed in as argument and all necessary fields.

BUGS

       In many cases, nnrpd provides more information than is normally useful (for example, even when calling an authenticator, the resolver
       information is often provided.)	On the other hand, in certain cases it provides less information than might be expected (for example, if
       nnrpd is reading from stdin rather than a socket).  The implementation is capable of handling at least the first of these issues, but that
       functionality is not exposed in the interface.

       At present, libauth.h and its implementation are located in authprogs/; perhaps they should be moved to include/ and lib/, respectively?

HISTORY

       Written by Jeffrey M. Vinocur <jeff@litech.org> for InterNetNews.

       $Id: libauth.pod 8200 2008-11-30 13:31:30Z iulius $

SEE ALSO

       nnrpd(8), readers.conf(5), doc/external-auth

INN 2.5.2							    2009-05-21								libauth(3)

Check Out this Related Man Page

RADIUS(8)						    InterNetNews Documentation							 RADIUS(8)

NAME

       radius - nnrpd RADIUS password authenticator

SYNOPSIS

       radius [-h] [-f config]

DESCRIPTION

       radius is an nnrpd authenticator, accepting a username and password from nnrpd (given to nnrpd by a reader connection) and attempting to
       authenticate that username and password against a RADIUS server.  See readers.conf(5) for more information on how to configure an nnrpd
       authenticator.  It is useful for a site that already does user authentication via RADIUS and wants to authenticate news reading connections
       as well.

       By default, radius reads pathetc/radius.conf for configuration information, but a different configuration file can be specified with -f.
       See radius.conf(5) for a description of the configuration file.

OPTIONS

       -f config
	   Read config instead of pathetc/radius.conf for configuration information.

       -h  Print out a usage message and exit.

EXAMPLE

       The following readers.conf(5) fragment tells nnrpd to authenticate all connections using this authenticator:

	   auth radius {
	       auth: radius
	       default: <FAIL>
	       default-domain: example.com
	   }

       "@example.com" will be appended to the user-supplied identity, and if RADIUS authentication failes, the user will be assigned an identity
       of "<FAIL>@example.com".

BUGS

       It has been reported that this authenticator doesn't work with Ascend RADIUS servers, but does work with Cistron RADIUS servers.  It's also
       believed to work with Livingston's RADIUS server.  Contributions to make it work better with different types of RADIUS servers would be
       gratefully accepted.

       This code has not been audited against the RADIUS protocol and may not implement it correctly.

HISTORY

       The RADIUS authenticator was originally written by Aidan Cully.	This documentation was written by Russ Allbery <rra@stanford.edu>.

       $Id: radius.pod 7664 2007-09-02 12:58:07Z iulius $

SEE ALSO

       nnrpd(8), radius.conf(5), readers.conf(5)

       RFC 2865, Remote Authentication Dial In User Service.

INN 2.5.3							    2009-05-21								 RADIUS(8)
Man Page