Provided by: yardradius_1.1.2-4_i386 bug

NAME

       radiusd_attributes - extended users attributes

DESCRIPTION

       This page describes the differences between YARD RADIUS syntax of users
       file and the `standard' one of Livingston RADIUS Daemon 2.1. A complete
       description  of  the  syntax  of  that  file  is  not the scope of this
       document.

       The users text file contains security and configuration information for
       each  user.  The  first  field  is  the  user's name and can be up to 8
       characters in length.  This is followed (on the  same  line)  with  the
       list  of  authentication  requirements for that user.  This can include
       password, comm server name, comm server port number, and an  expiration
       date  of  the  user's  password.   When  an  authentication  request is
       received from the comm server, these values are tested.  Special  users
       named  "DEFAULT",  "DEFAULT2", "DEFAULT3" can be created (and should be
       placed at the end of the user file) to specify what to  do  with  users
       not contained in the user file.

       Indented  (with  the  tab  character)  lines  following  the first line
       indicate the configuration values to be passed back to the comm  server
       to  allow  the  initiation  of a user session.  This can include things
       like the PPP configuration values or the host to log the user onto.

       Again, a description of all attributes and values is not the  topic  of
       this document. See NOTES section below for a complete reference about.

YARD RADIUS ATTRIBUTES

       YARD  RADIUS  uses  some private non-protocol attributes to support its
       specific features. They are integer or string attributes that you could
       set to manage in some ways user accesses:

       Yard-Simultaneous-Use:
              The  maximum  number  of simultaneous logins for a user.  It's a
              positive value.

       Yard-Time:
              It's a list of the access times (week day(s) and  hours)  during
              which  the user is authorized to login.  It is a comma-separated
              list of  items  such  as  "Wk0800-1800,Sa0800-2400,Su0800-2400".
              Each   item   follows   a   syntax   like  "DDHHMM-HHMM",  where
              DD=Mo,Tu,We,Th,Fr,Sa,Su,Al,Wk and HHMM are the times  of  access
              in  4 characters form. 'Wk' means all 5 weekdays ('Mo'-'Fr') and
              'Al' is the whole week.

       Yard-Max-Monthly-Time:
              The maximum number of on-line hours the user can be on-line  per
              month. It is a positive value.

       Yard-Max-Monthly-Traffic:
              The  maximum  number  of Kbytes of traffic the user can totalize
              per month. It is a positive value.

       Yard-Max-Daily-Time:

       Yard-Max-Daily-Traffic:

       Yard-Max-Yearly-Time:

       Yard-Max-Yearly-Traffic:
              At this point, all these attributes are obvious.

       Yard-Pam-Auth:
              This string is the name of the PAM authentication service to use
              instead  of  the  default  one, which is "yard". This is used to
              parse the pam.conf, or the pam.d directory to get the PAM module
              to  use for auth/acct. You could prefer something like "radius",
              for instance.

       YARD RADIUS extends also the predefined values of  the  standard  Auth-
       Type attribute, with the following ones:

       PAM    Use  PAM  authentication  module.  The  service  name  could  be
              specified with a  Yard-Pam-Auth  attribute  or  it  implies  the
              default one "yard".

       System Use system passwd file with or without shadowing. Shadow support
              should be enabled when calling the `configure'  script  only  if
              your  system  requires the use of getspnam() in order to get the
              encrypted password. Not all systems that support shadow password
              have  that  function. If your system has a transparent shadowing
              support, you do not need any specific enabling. Notably this  is
              true for FreeBSD.

              If  you  like  so,  you  can  also  enable 'shadow expirations'.
              Systems which  support  this  feature  must  have  a  compatible
              getspnam()  with an expiration field in the spwd structure.  So,
              enabling this feature implies  enabling  shadow  support.   When
              shadow  expiration  is  enabled  you  can  require  system-based
              expirations  by  using  a  conventional  attribute  value   like
              Expiration="SHADOW".

       Safeword
              Not yet supported.

       Defender
              Not yet supported.

       But   for  the  above  attributes  and  values,  many  vendor  specific
       attributes and values are parsed and legal for YARD RADIUS server.  You
       can refer to the dictionary file for a complete list. Vendor attributes
       are useful only when the communication server is configured to send VSA
       mode  requests.  Some  old  communication servers could be unable to do
       this, and in that case you should modify manually the dictionary.

FILES

       /usr/conf/users
              This file contains the human  readable  information  for  users'
              accounting and authorization.

       /usr/conf/users.db
              The  same of the previous one as compiled in by builddbm in GDBM
              format.

       /usr/conf/dictionary
              This read-only file contains the codes and formats for  standard
              and  vendor  RADIUS  protocol  attributes  and values along with
              their human readable representation. It is  subject  to  change,
              due  to new access server supports. It is a plain text file with
              a pletora of comments in it.

       /usr/docs/rfc/rfc2138.txt
              Request For Comments about Remote Authentication  Dial  In  User
              Service (RADIUS).

       /usr/docs/rfc/rfc2139.txt
              Request For Comments about RADIUS Accounting.

SEE ALSO

       radiusd(8), RFC2138, RFC2139

AUTHOR

       Francesco Paolo Lovergine <francesco@yardradius.org>.

       A  complete  list  of  contributors  is contained in CREDITS file.  You
       should get that file among other  ones  within  your  distribution  and
       possibly installed under /usr/docs directory

COPYRIGHT

       Copyright (C) 1992-1999 Lucent Inc. All rights reserved.

       Copyright (C) 1999-2004 Francesco Paolo Lovergine. All rights reserved.

       See  the  LICENSE  file enclosed within this software for conditions of
       use and distribution. This is a pure ISO BSD Open Source License .

NOTES

       See the RADIUS for UNIX Administrator's Guide as a  complete  reference
       for  all  other  attributes  and  values.   It  is  freely available at
       http://www.livingston.com/tech/docs/manuals.html at the  time  of  this
       document.  Note  that  many vendor attributes are described only within
       vendor's documentation.

       Currently YARD RADIUS dictionary is updated with vendor's dictionary by
       Cisco,  Lucent,  3COM, Redback, Springtide, Nortel and possibly others,
       whenever available.