Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (ASCEND) Ascend-Third-Prompt



On Tue, 24 Feb 1998, Jim Segrave wrote:

> > 
> > > Do anyone know how to handle input for Ascend-Third-Prompt attribute?  I
> > > use it as a check item in my merit radius's user file to check for the
> > > user's input.  But it seems doesn't work.  Any idea!
> > 
> > Well, since in the dim and distant past this feature was added as
> > compatibility for us, I should know how it works - but I cannot remember.
> > Hopefully one of my colleagues could find the details, but as some
> > background - we run our own RADIUS server, very loosely based on the
> > Livingston code (I think most of the original code went out the window), and
> > the use we make of it is as follows:
> > 
> > 	login: username
> > 	Password:
> > 	Protocol: ppp,idle=600
> > 
> > Where the "Protocol: " prompt is the third prompt, and we use it to supply
> > further information to the RADIUS server regarding the users requirements in
> > the initial exchange. This is different from the challenge-response way of
> > doing things, as by then the login/password has already gone to the server.
> > Netcom (and others I am sure) do this by tagging stuff on after the
> > username:
> 
> 
> All correct Peter. It is passed in the first request. If you want it
> to be a check item, you should be able to add it to the user's Radius
> entry on the same line as the user name and password:
> 
> username Password = "UNIX", Ascend-Third-Prompt = "not-so-secret-password'
>    ...
> 
> This should work with the Merit server. If you want to do more
> interesting things with it, then the source is your only hope.
> 

It works.  However, if we want to use 
Ascend-Third-Prompt = "ppp"
Ascend-Third-Prompt = "slip"
Ascend-Third-Prompt = "unix"
to distingish service assigns to the same username.  Then we may need 3
entries for the same users.  It is ok if the user size is small.  However,
as an isp, we use the unix 'passwd' file for user authentication and use
the 'DEFAULT' entry instead (only one default entry).  How can it be done?
Any 'or' combination?

Best Regards
Sk Pang
IOHK

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>


Follow-Ups: References: