First it asks the user for his loginname (if not supplied by getty) and his password.
Then it tries to find the loginname either through a RADIUS server query or in the local passwd file or through both methods.
If the user is authenticated locally radlogin calls the local login program to spawn a login enviroment.
If the user is authenticated via RADIUS radlogin calls a special other login program which gets the information that was passed from the RADIUS server in enviroment variables.
If the SCP is defined in config.h, the first letter of the username determins what kind of service is requested. This allows you to use one password for all accounts, but the radiusd supplies you just with the right information you need for the specified service type:
First Letter | User Service |
S | Slip |
C | Slip with Van Jacobsen TCP/IP |
P | PPP |
Login |
According to the answer, different programms are started. These are specified in the client.conf with start_ppp and login_local.
In these special login programs you can now either start a telnet/rlogin session or start up SLIP/CSLIP or even PPP based on the information from the RADIUS server. Furthermore you can send accounting information to a RADIUS accouting server via a program called radacct which is also part of Radiusclient.
where
---8<--------------------------------------------------------------------You then can telnet to this port and if you login as an outbound user you get connected to a outgoing modem. Unfortunatly telnet isn't 8 bit clean. But there still is rport which uses a pseudo tty to establish an interface between a normal serial program and the remote modem. Unfortunatly rport isn't working right at the moment.stream tcp nowait root /bin/radlogin ---8<--------------------------------------------------------------------
* - -/radlogin @
You can also configure radiusclient to accept network connections via inetd which get redirect to an outgoing modem. To enable this, you must add a line to your inetd configuration file (normally /etc/inetd.conf) to start radlogin.
For a Berkeley inetd you might use a line like this:
<port-no> stream tcp nowait root /usr/local/sbin/radloginYou then can telnet to this port and if you login as an outbound user (Service-Type is set to Outbound in your RADIUS server database) you get connected to an outgoing modem.
Unfortunatly telnet is not 8 bit clean. But there is a program called rport in the Radiusclient package which uses a pseudo tty to establish an interface between a normal serial program and the remote modem. Unfortunatly rport isn't working right at the moment.
radlogin tries to find out if it got started from inetd and what
program is on the other side of the network connection (telnet or
rport). It does this by sending telnet options at the start
of the session. If it gets an answer from the remote side, it assumes
telnet.
If you want to disable automatic telnet detection you can disable
it with the -t option of radlogin.
radlogin tries to enable keepalive packets on the network link if possible to better detect link failure. If you want to disable this, specify the -d option on the radlogin command line.