2.2.15 Radius Statement

Syntax

radius {
  # Set radius configuration directory.
  directory dir;
  # Radius request for authorization.
  auth request;
  # Radius request for getpwnam.
  getpwnam request;
  # Radius request for getpwuid.
  getpwuid request;
}

Description

The radius block statement configures RADIUS authentication and authorization.

Mailutils uses the GNU Radius library, which is configured via the ‘raddb/client.conf’ file (see section `Client Configuration' in the GNU Radius Reference Manual). The exact location of this file depends on the configuration settings used when compiling GNU Radius; usually it is ‘/usr/local/etc’ or ‘/etc’. This default can also be changed at run time using the directory statement:

Configuration: directory dir

Set full path name to the GNU Radius configuration directory.

If authorization is used, the Radius dictionary file must declare the following attributes:

Attribute          Type     Description
GNU-MU-User-Name   string   User login name
GNU-MU-UID         integer  UID
GNU-MU-GID         integer  GID
GNU-MU-GECOS       string   GECOS
GNU-MU-Dir         string   Home directory
GNU-MU-Shell       string   User shell
GNU-MU-Mailbox     string   User mailbox
GNU-MU-Quota       integer  Mail quota (in bytes)

A dictionary file with the appropriate definitions is included in the Mailutils distribution: ‘examples/config/mailutils.dict’. This file is not installed by default; you will have to copy it manually to the GNU Radius ‘raddb/dict’ directory and include it in the main dictionary file ‘raddb/dictionary’ by adding the following statement:

$INCLUDE dict/mailutils.dict

Requests to use for authentication and authorization are configured using three statements: auth, getpwnam and getpwuid. Each statement takes a single argument: a string containing a comma-separated list of assignments. An assignment specifies a particular attribute-value pair (see section `Overview' in the GNU Radius Reference Manual) to send to the server. The left-hand side of the assignment is a symbolic attribute name, as defined in one of the Radius dictionaries (see section `dictionary file' in the GNU Radius Reference Manual). The right-hand side of the assignment specifies the value. For example:

"Service-Type = Authenticate-Only, NAS-Identifier = \"mail\""

An assignment may contain references to the following macro-variables:

user

The actual user name (for auth and getpwnam), or user ID (for getpwuid). For example:

User-Name = ${user}

passwd

User password. For example:

User-Password = ${passwd}

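As an added illustration (not part of the Mailutils manual or its source code), the following Python snippet shows how a pairlist such as the ones above can be split into attribute-value pairs and how the user and passwd macro-variables are then expanded. The tokenizer, the rule that macros are expanded only after the string has been split, and the constructed inputs are this example's own assumptions rather than a description of the Mailutils implementation. The point it demonstrates is that a user name containing a comma or an equals sign stays inside the single attribute it was substituted into and cannot become an extra attribute-value pair in the request.

```python
import re
from typing import Dict, List, Optional, Tuple

# Macro-variables the manual defines for pairlists.
KNOWN_MACROS = {"user", "passwd"}
_MACRO_RE = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")
_ATTR_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def tokenize_pairlist(pairlist: str) -> List[Tuple[str, str]]:
    """Split a pairlist into (attribute, value) pairs without expanding macros.

    Assumed grammar: comma-separated `Attribute = value` items; a value may be
    double-quoted, in which case commas inside the quotes are literal and a
    backslash escapes the following character.
    """
    pairs: List[Tuple[str, str]] = []
    i, n = 0, len(pairlist)
    while i < n:
        while i < n and pairlist[i] in " \t\r\n,":   # skip separators
            i += 1
        if i >= n:
            break
        eq = pairlist.find("=", i)
        if eq < 0:
            raise ValueError(f"missing '=' in {pairlist[i:]!r}")
        attr = pairlist[i:eq].strip()
        if not _ATTR_RE.fullmatch(attr):
            raise ValueError(f"bad attribute name {attr!r}")
        j = eq + 1
        while j < n and pairlist[j] in " \t":
            j += 1
        if j < n and pairlist[j] == '"':
            j += 1
            buf: List[str] = []
            while True:
                if j >= n:
                    raise ValueError("unterminated quoted value")
                c = pairlist[j]
                if c == "\\" and j + 1 < n:          # escaped character
                    buf.append(pairlist[j + 1])
                    j += 2
                elif c == '"':                       # closing quote
                    j += 1
                    break
                else:
                    buf.append(c)
                    j += 1
            value = "".join(buf)
        else:
            k = pairlist.find(",", j)                # bare value runs to the next comma
            if k < 0:
                k = n
            value = pairlist[j:k].strip()
            j = k
        pairs.append((attr, value))
        i = j
    return pairs


def expand_macros(value: str, env: Dict[str, str]) -> str:
    """Replace ${user} / ${passwd} in one value; unknown or unset macros are errors."""
    def repl(m):
        name = m.group(1)
        if name not in KNOWN_MACROS:
            raise ValueError(f"unknown macro-variable ${{{name}}}")
        if name not in env:
            raise ValueError(f"${{{name}}} is not available in this request")
        return env[name]
    return _MACRO_RE.sub(repl, value)


def build_request(pairlist: str, user: str,
                  passwd: Optional[str] = None) -> List[Tuple[str, str]]:
    """Produce the attribute-value pairs to send for one request.

    Macros are expanded per value after tokenizing, so a user name such as
    'bob, Service-Type = Framed-User' is one User-Name value and cannot add
    a second attribute to the request.
    """
    env = {"user": user}
    if passwd is not None:
        env["passwd"] = passwd
    return [(attr, expand_macros(val, env)) for attr, val in tokenize_pairlist(pairlist)]


# Constructed inputs: the manual's auth and getpwnam pairlists, joined into one string.
AUTH_PAIRLIST = "User-Name = ${user}, User-Password = ${passwd}"
GETPWNAM_PAIRLIST = "User-Name = ${user}, State = getpwnam, Service-Type = Authenticate-Only"

if __name__ == "__main__":
    print(build_request(AUTH_PAIRLIST, "alice", "s3cret"))
    print(build_request(GETPWNAM_PAIRLIST, "bob, Service-Type = Framed-User"))
```

The adjacent string literals used in the manual's getpwnam and getpwuid examples are joined by the configuration parser before the pairlist is interpreted, so the functions above take the already-joined string. A pairlist that references ${passwd} is rejected when no password is available, which is the situation for getpwnam and getpwuid requests.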
Configuration: auth pairlist

Specifies the request to be sent to authenticate the user. For example:

auth "User-Name = ${user}, User-Password = ${passwd}";

The user is authenticated only if this request returns Access-Accept (see section `Authentication Requests' in the GNU Radius Reference Manual). Any returned attribute-value pairs are ignored.

Configuration: getpwnam pairlist

Specifies the request that returns user information for the given user name. For example:

getpwnam "User-Name = ${user}, State = getpwnam, "
         "Service-Type = Authenticate-Only";

If the requested user account exists, the Radius server must return an Access-Accept packet with the following attributes: GNU-MU-User-Name, GNU-MU-UID, GNU-MU-GID, GNU-MU-GECOS, GNU-MU-Dir, GNU-MU-Shell.

The attributes GNU-MU-Mailbox and GNU-MU-Quota are optional.

If GNU-MU-Mailbox is present, it must contain a valid mailbox URL. If GNU-MU-Mailbox is not present, Mailutils constructs the mailbox name using the settings from the mailbox configuration statement (see section Mailbox Statement), or built-in defaults if that statement is not present.

If GNU-MU-Quota is present, it specifies the maximum mailbox size for this user, in bytes. In the absence of this attribute, mailbox size is unlimited.

Configuration: getpwuid pairlist

Specifies the request that returns user information for the given user ID. In pairlist, the ‘user’ macro-variable is expanded to the numeric value of the ID. For example:

getpwuid "User-Name = ${user}, State = getpwuid, "
         "Service-Type = Authenticate-Only";

The reply to a getpwuid request has the same form as the reply to a getpwnam request (see above).
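As an added example (not Mailutils code), here is how the reply to a getpwnam or getpwuid request, as described in the two sections above, can be checked before it is turned into account information: an Access-Accept must carry the six mandatory GNU-MU-* attributes, GNU-MU-Mailbox and GNU-MU-Quota are optional with the defaults the text gives, and any other answer is rejected. The MuUser record, the ReplyError class, the 32-bit integer check, the URL-scheme check, the optional expected_name consistency check and the sample replies are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Attribute names from examples/config/mailutils.dict as listed in the manual.
REQUIRED_STRING = ("GNU-MU-User-Name", "GNU-MU-GECOS", "GNU-MU-Dir", "GNU-MU-Shell")
REQUIRED_INTEGER = ("GNU-MU-UID", "GNU-MU-GID")
# A mailbox URL is taken here to be "scheme:rest" (assumption of this example).
_URL_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*:.+$")


class ReplyError(ValueError):
    """An Access-Accept that does not satisfy the getpwnam/getpwuid contract."""


@dataclass(frozen=True)
class MuUser:
    name: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str
    mailbox: Optional[str]  # None: build the name from the mailbox statement / built-in defaults
    quota: Optional[int]    # None: unlimited


def _integer(attrs: Dict[str, object], name: str) -> int:
    # RADIUS integer attributes are unsigned 32-bit values.
    v = attrs[name]
    if isinstance(v, bool) or not isinstance(v, int) or not 0 <= v <= 0xFFFFFFFF:
        raise ReplyError(f"{name} must be a 32-bit unsigned integer, got {v!r}")
    return v


def parse_getpw_reply(code: str, attrs: Dict[str, object],
                      expected_name: Optional[str] = None) -> Optional[MuUser]:
    """Interpret the server's answer to a getpwnam or getpwuid request.

    Returns None if the code is not Access-Accept (no such account), raises
    ReplyError if an Access-Accept lacks mandatory attributes or carries
    malformed ones, and otherwise returns the account record.  expected_name
    is a consistency check added by this example: for a getpwnam request the
    returned GNU-MU-User-Name must be the name that was asked for.
    """
    if code != "Access-Accept":
        return None
    missing = [a for a in REQUIRED_STRING + REQUIRED_INTEGER if a not in attrs]
    if missing:
        raise ReplyError("Access-Accept lacks mandatory attribute(s): " + ", ".join(missing))
    for a in REQUIRED_STRING:
        if not isinstance(attrs[a], str) or not attrs[a]:
            raise ReplyError(f"{a} must be a non-empty string")
    name = attrs["GNU-MU-User-Name"]
    if expected_name is not None and name != expected_name:
        raise ReplyError(f"reply is for {name!r}, request was for {expected_name!r}")
    mailbox = attrs.get("GNU-MU-Mailbox")
    if mailbox is not None and (not isinstance(mailbox, str) or not _URL_RE.match(mailbox)):
        raise ReplyError(f"GNU-MU-Mailbox is not a mailbox URL: {mailbox!r}")
    quota = _integer(attrs, "GNU-MU-Quota") if "GNU-MU-Quota" in attrs else None
    return MuUser(name, _integer(attrs, "GNU-MU-UID"), _integer(attrs, "GNU-MU-GID"),
                  attrs["GNU-MU-GECOS"], attrs["GNU-MU-Dir"], attrs["GNU-MU-Shell"],
                  mailbox, quota)


# Constructed sample replies (not captured from a real server).
SAMPLE_FULL = ("Access-Accept", {
    "GNU-MU-User-Name": "alice", "GNU-MU-UID": 1001, "GNU-MU-GID": 100,
    "GNU-MU-GECOS": "Alice Example", "GNU-MU-Dir": "/home/alice",
    "GNU-MU-Shell": "/bin/sh", "GNU-MU-Mailbox": "maildir:/var/mail/alice",
    "GNU-MU-Quota": 50_000_000,
})
SAMPLE_MINIMAL = ("Access-Accept", {
    "GNU-MU-User-Name": "bob", "GNU-MU-UID": 1002, "GNU-MU-GID": 100,
    "GNU-MU-GECOS": "Bob", "GNU-MU-Dir": "/home/bob", "GNU-MU-Shell": "/bin/sh",
})
SAMPLE_INCOMPLETE = ("Access-Accept", {"GNU-MU-User-Name": "eve", "GNU-MU-UID": 1003})

if __name__ == "__main__":
    print(parse_getpw_reply(*SAMPLE_FULL, expected_name="alice"))
    print(parse_getpw_reply(*SAMPLE_MINIMAL))
    print(parse_getpw_reply("Access-Reject", {}))
    try:
        parse_getpw_reply(*SAMPLE_INCOMPLETE)
    except ReplyError as e:
        print("rejected:", e)
```

Treating an incomplete Access-Accept as an error rather than filling in defaults keeps a misconfigured dictionary or server profile from silently producing an account with an empty home directory or a zero UID.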