Hi Felix,
Yes, its a good idea to check the primary group in AuthSYSTEM. I have fixed it
for the next release and uploaded the new version to
http://www.open.com.au/radiator /downloads/patches-2.13.1/AuthSYSTEM.pm
Please check it out and let me know if its OK.
Cheers.
On May 29, 4:38pm, Felix Izquierdo wrote:
> Subject: (RADIATOR) AuthSYSTEM.pm doesn't check GID in Solaris
>
> Hi!
>
> I have installed a perl shadow passwords module ( Shadowf/Shadows ) and
> now I'm working with AuthSYSTEM with a little patch for calling
> getspnamf() after the call to getpwnam() and get the password from this
> new function:
>
> > use Shadowf;
> > .
> > .
> > .
> > sub findUser
> > {
> > .
> > .
> > if (($name, $passwd, $uid, $gid, $quota, $comment, $gcos, $dir, $shell)
> > = getpwnam($look_for))
> > {
> > # THIS IN THE getspnamf() CALL
> >
> > ($nousado,$passwd)=getspnamf($look_for);
> >
> > $user = new Radius::User $name;
> > $user->get_check->add_attr('Encrypted-Password', $passwd);
> > }
>
> It works fine in my Solaris 2.6 for any users/passwords method defined
> in nsswitch.conf.
>
> But now, I can see that the group cheking code in AuthSYSTEM.pm doesn't
> check the primary GID, because it calls to getgrnam() and checks the
> members array, but in Solaris the primary group is not in this array,
> only the supplementary groups. In many Linux systems, utility programs
> like "useradd", put the primary GID in the /etc/group file as a
> supplementary group, but this in not the case in Solaris.
>
> I think that if AuthSYSTEM.pm checks also the GID returned in getpwnam()
> ( as AuthUNIX.pm does ), it will work in all the Unix systems regardless
> of where the user primary group is saved.
>
> Cheers.
>
> F�lix
>
> ______________________________________________________________________
> DATAGRAMA SERVICIOS INTERNET
> C/ Acer 30 Tlf: +34 3 223 00 98
> 08038 BARCELONA ( Spain ) Fax: +34 3 223 12 66
> mailto:[EMAIL PROTECTED] http://www.datagrama.net
> ______________________________________________________________________
>
>
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from Felix Izquierdo
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
�
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
