Provided by: yardradius_1.1.2-4ubuntu1_amd64 bug

NAME

       radiusd_attributes - extended users attributes

DESCRIPTION

       This  page  describes  the  differences  between  YARD RADIUS syntax of users file and the
       `standard' one of Livingston RADIUS Daemon 2.1. A complete description of  the  syntax  of
       that file is not the scope of this document.

       The  users  text  file  contains security and configuration information for each user. The
       first field is the user's name and can be up to 8 characters in length.  This is  followed
       (on  the  same line) with the list of authentication requirements for that user.  This can
       include password, comm server name, comm server port number, and an expiration date of the
       user's  password.   When an authentication request is received from the comm server, these
       values are tested.  Special users named "DEFAULT", "DEFAULT2", "DEFAULT3" can  be  created
       (and  should  be  placed at the end of the user file) to specify what to do with users not
       contained in the user file.

       Indented  (with  the  tab  character)  lines  following  the  first  line   indicate   the
       configuration  values  to  be  passed back to the comm server to allow the initiation of a
       user session.  This can include things like the PPP configuration values or  the  host  to
       log the user onto.

       Again,  a  description of all attributes and values is not the topic of this document. See
       NOTES section below for a complete reference about.

YARD RADIUS ATTRIBUTES

       YARD RADIUS uses some private non-protocol attributes to support  its  specific  features.
       They  are  integer  or  string  attributes  that you could set to manage in some ways user
       accesses:

       Yard-Simultaneous-Use:
              The maximum number of simultaneous logins for a user.  It's a positive value.

       Yard-Time:
              It's a list of the access times (week day(s) and hours) during which  the  user  is
              authorized   to   login.    It   is   a  comma-separated  list  of  items  such  as
              "Wk0800-1800,Sa0800-2400,Su0800-2400". Each item follows  a  syntax  like  "DDHHMM-
              HHMM",  where  DD=Mo,Tu,We,Th,Fr,Sa,Su,Al,Wk  and HHMM are the times of access in 4
              characters form. 'Wk' means all 5 weekdays ('Mo'-'Fr') and 'Al' is the whole week.

       Yard-Max-Monthly-Time:
              The maximum number of on-line hours the user can be on-line  per  month.  It  is  a
              positive value.

       Yard-Max-Monthly-Traffic:
              The  maximum  number  of Kbytes of traffic the user can totalize per month. It is a
              positive value.

       Yard-Max-Daily-Time:

       Yard-Max-Daily-Traffic:

       Yard-Max-Yearly-Time:

       Yard-Max-Yearly-Traffic:
              At this point, all these attributes are obvious.

       Yard-Pam-Auth:
              This string is the name of the PAM authentication service to  use  instead  of  the
              default  one,  which  is  "yard".  This is used to parse the pam.conf, or the pam.d
              directory to get the PAM module to use for auth/acct. You  could  prefer  something
              like "radius", for instance.

       YARD  RADIUS  extends also the predefined values of the standard Auth-Type attribute, with
       the following ones:

       PAM    Use PAM authentication module. The service name could be specified with a Yard-Pam-
              Auth attribute or it implies the default one "yard".

       System Use  system passwd file with or without shadowing. Shadow support should be enabled
              when calling the `configure' script  only  if  your  system  requires  the  use  of
              getspnam()  in  order  to  get the encrypted password. Not all systems that support
              shadow password have that function. If your  system  has  a  transparent  shadowing
              support, you do not need any specific enabling. Notably this is true for FreeBSD.

              If  you  like  so,  you can also enable 'shadow expirations'. Systems which support
              this feature must have a compatible getspnam() with an expiration field in the spwd
              structure.  So, enabling this feature implies enabling shadow support.  When shadow
              expiration  is  enabled  you  can  require  system-based  expirations  by  using  a
              conventional attribute value like Expiration="SHADOW".

       Safeword
              Not yet supported.

       Defender
              Not yet supported.

       But  for  the  above attributes and values, many vendor specific attributes and values are
       parsed and legal for YARD RADIUS server. You can  refer  to  the  dictionary  file  for  a
       complete  list.  Vendor  attributes  are  useful  only  when  the  communication server is
       configured to send VSA mode requests. Some old communication servers could be unable to do
       this, and in that case you should modify manually the dictionary.

FILES

       /usr/conf/users
              This  file  contains  the  human  readable  information  for  users' accounting and
              authorization.

       /usr/conf/users.db
              The same of the previous one as compiled in by builddbm in GDBM format.

       /usr/conf/dictionary
              This read-only file contains the codes and formats for standard and  vendor  RADIUS
              protocol  attributes  and values along with their human readable representation. It
              is subject to change, due to new access server supports. It is a  plain  text  file
              with a pletora of comments in it.

       /usr/docs/rfc/rfc2138.txt
              Request For Comments about Remote Authentication Dial In User Service (RADIUS).

       /usr/docs/rfc/rfc2139.txt
              Request For Comments about RADIUS Accounting.

SEE ALSO

       radiusd(8), RFC2138, RFC2139

AUTHOR

       Francesco Paolo Lovergine <francesco@yardradius.org>.

       A  complete  list  of contributors is contained in CREDITS file.  You should get that file
       among other ones within your distribution and possibly installed under /usr/docs directory

COPYRIGHT

       Copyright (C) 1992-1999 Lucent Inc. All rights reserved.

       Copyright (C) 1999-2004 Francesco Paolo Lovergine. All rights reserved.

       See the LICENSE file enclosed within this software for conditions of use and distribution.
       This is a pure ISO BSD Open Source License .

NOTES

       See  the  RADIUS  for  UNIX  Administrator's  Guide  as a complete reference for all other
       attributes      and       values.        It       is       freely       available       at
       http://www.livingston.com/tech/docs/manuals.html  at  the time of this document. Note that
       many vendor attributes are described only within vendor's documentation.

       Currently YARD RADIUS dictionary is updated with vendor's  dictionary  by  Cisco,  Lucent,
       3COM, Redback, Springtide, Nortel and possibly others, whenever available.