$Id: README,v 1.5 1996/01/06 02:55:04 lf Exp $

WHAT'S RADLOGIN?

	Well, I wrote it to learn more about the RADIUS protocol. I don't
        know if it is of any use to you, but I'll briefly describe what it
        does: it asks the user for his login name and password just like the
        normal login process. Then it tries to find the user either through
        a RADIUS server query or in the local passwd file or through both
        methods (this can be configured in the radiusclient.conf file). If
        the user is authenticated locally, radlogin calls the local login
        program (with -f <username>) to spawn a local login environment. If
        the user is authenticated via RADIUS, radlogin calls a special other
        login program (normally named /bin/login.radius) which gets the
        information that was passed from the RADIUS server in environment
        variables. In this special login program you can now either start a
        telnet/rlogin session or start up slip/cslip or even ppp based on
        the information from the RADIUS server. Furthermore you can send
        accounting information to a RADIUS accounting server via a program
        called radacct.

USAGE

	Usage: radlogin [-hV] [-i <client-port>] [username]
	       radacct [-hV] [-i <client-port>]
	       radstatus [-hV] [server]...
	       mksid
	       mktime
	       getifname

	radlogin behaves just like a normal login program: it authenticates
        the user and then either spawns a local login program or passes
        the information from the RADIUS server to a special other login
        program in environment variables. The environment variables are
        named after the attributes, prefixed with "RADIUS_", with all
        letters of the attribute name translated to uppercase and hyphens
	translated to underscores. The attribute value is passed
	unchanged.
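
	The following is an added example, not code shipped with
	radiusclient: POSIX shell helpers that a login.radius-style
	script could use to look up these variables and check a value
	before acting on it. The function names, the attributes
	Framed-Protocol and Framed-IP-Address, and the values "PPP" and
	"SLIP" are assumptions about your server's dictionary.

```shell
#!/bin/sh
# Added example: helpers for a login.radius-style script (not project code).

# Naming rule from this README: "RADIUS_" + attribute name, uppercased,
# hyphens turned into underscores.
radius_env_name() {
    printf 'RADIUS_%s' "$(printf '%s' "$1" | LC_ALL=C tr 'a-z-' 'A-Z_')"
}

# Print the value passed for an attribute; return 1 if it was not sent.
radius_attr() {
    name=$(radius_env_name "$1")
    case $name in *[!A-Z0-9_]*) return 2 ;; esac  # only plain names reach eval
    eval "[ \"\${$name+set}\" = set ]" || return 1
    eval "printf '%s' \"\${$name}\""
}

# Values arrive unchanged, so check their shape before using them.
# Accepts only a dotted quad, octets 0-255, no leading zeros.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Decide what to start. Attribute names and the values "PPP"/"SLIP" are
# assumptions about the server's dictionary, not taken from this README.
session_plan() {
    proto=$(radius_attr Framed-Protocol) || { echo "reject: no Framed-Protocol"; return 1; }
    addr=$(radius_attr Framed-IP-Address) || { echo "reject: no Framed-IP-Address"; return 1; }
    is_ipv4 "$addr" || { echo "reject: bad address"; return 1; }
    case $proto in
        PPP)  echo "ppp $addr" ;;
        SLIP) echo "slip $addr" ;;
        *)    echo "reject: unsupported protocol"; return 1 ;;
    esac
}
```

	session_plan only prints a decision; a real script would start
	the corresponding program at that point.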

	radacct takes a list of attribute pairs on standard input and
	sends them to the RADIUS accounting server. The NAS-IP-Address,
	NAS-Port and Acct-Delay-Time attributes are inserted directly
	by radacct.

	<client-port> is the full pathname of the device which this
        authentication or accounting is referring to. This device name is
        used for the port id lookup in radlogin.map.  If it is not
        specified, then the device name of standard output is used.

	radstatus asks the RADIUS servers that are specified in the
        radiusclient.conf file for their status. If command line arguments
        are supplied then only these servers are asked. Just like in
        radiusclient.conf, you can supply a port number after the hostname,
        separated by a colon. You can also use the symbolic values "auth" and
        "acct", in which case the port number is looked up in /etc/services
        or, if not found there, a compiled-in default is used.  This status
        query only works (I think) with the Merit radiusd.

	mksid returns a twelve byte session id for use as the
	Acct-Session-Id in accounting requests.

	mktime returns the time since 00:00:00 GMT, January 1, 1970,
        measured in seconds. It is also used to generate accounting
	requests in login.radius.

	getifname gets the network interface name of the tty on stdout when
        it is currently used as a PPP or SLIP line. If a full pathname of a
        tty is supplied as a command line argument, its interface
	name is output instead.

	For more information on the RADIUS authentication and
	accounting protocol see the files in the ./doc directory.

INSTALLATION

	Edit the MCONFIG to change the CFLAGS and LDFLAGS settings to your
        needs.  Be sure to define SHADOW_PASSWORD in the CFLAGS if you have
        shadow passwords installed on your system. Change the
        RADIUSCLIENT_CONF definition if you want the radiusclient config file in
        a different location.

	Have a look at ./sample/conf.sh, you will need to change
	some values. See the other shell script parts for the
	context in which each variable is used.

	Doing make builds the executables.

	Doing make install will install the executables and example
	versions of all the needed config and data files. Be careful:
	the installation process will OVERWRITE existing files
	without asking you.
	Try make -n install to see which file goes where if you're
	unsure.

	You WILL have to customise /bin/login.radius to your needs.
	At the time of this writing it is not very useful. You
	need to add your desired functionality. And if you do so
	please send me your changes (email address see below).

	You WILL have to look into radiusclient.conf, especially if
	you changed the position of some other files. The comments
	for each config item should explain enough to edit this file.

	Edit the "ttyname to port number" mapping file (radiusclient.map).

	Add the following two lines to /etc/services if you don't
	already have them:

	----8<---------------------------------------------------------
	radius          1645/udp	# RADIUS access requests
	radacct         1646/udp	# RADIUS accounting requests
	----8<----------------------------------------------------------

	Get your getty to execute radlogin instead of the normal login
        process. The method of how to do this varies from getty to getty.
		
	If you're using getty_ps you can set the
	LOGIN directive in the respective config file.
		 
	agetty has a command line option (-l) which allows
	you to specify an alternate login program, i.e.
	radlogin.

	I don't know how it works with mgetty, but I think
	that it is also possible.

AVAILABILITY

	This program is available from mips.jura2.uni-hamburg.de
	under /pub/radiusclient/radiusclient-x.x.tar.gz.

	This code is in large part derived from the Merit RADIUS daemon
        which is available from ftp.merit.edu under /radius. I can greatly
        recommend it because it compiles cleanly under Linux and has a lot
        of features. Unfortunately the documentation is a little bit sparse.
        But I am not in a position to complain, just look at this
        program. Be warned that you need a named without the "Connection
        refused" bug if you want to run radiusd under Linux, unless you
	want radiusd to hang on nameserver queries.

	The original RADIUS daemon code is available from 
	ftp.livingston.com under /pub/livingston/radius.

COPYRIGHT

	Read the files COPYRIGHT and COPYING for the respective copyrights.

	If you like the radiusclient software very much and/or are using
	it on a production machine please send me a postcard. My postal
	address is:

		Lars Fenneberg
		Boettgerstrasse 29
		22851 Norderstedt
		Germany

CONTACT

	Send your comments, suggestions, bug reports and patches to
	Lars Fenneberg <in5y050@public.uni-hamburg.de>.
