3.33. <AuthBy UNIX> Previous topic Parent topic Child topic Next topic

<AuthBy UNIX> authenticates users from a user database stored in a standard Unix password file or similar format. It is implemented in AuthUNIX.pm. It does not log (but does reply to) accounting requests. For more information about the file format, see Section 9.4. Unix password file. Since Unix password files only have encrypted passwords, <AuthBy UNIX> can not work with CHAP or MSCHAP authentication.
For performance reasons, <AuthBy UNIX> opens and reads the password and group files at start-up, reinitialisation and whenever the file modification times change, (i.e. they are cached within Radiator). Since these files are cached in memory, large password files can require large amounts of memory. If you set the Nocache parameter, the files will be reread for every authentication, and will not be cached internally (this can be slow if you have a large password or group files, and should rarely be necessary).
It is not necessary to be running on a Unix host in order to use <AuthBy UNIX>. It will work equally well on Windows and NT, but you are probably less likely to need it there.
By using the Match parameter you can also specify other file formats if you need to.
When attempting to authenticate a user, <AuthBy UNIX> will encrypt the password from the user and compare it to the one in the password file. If the encrypted passwords match, AuthBy UNIX will reply with an Access-Accept message. If the user does not appear in the password file, an Access-Reject message is sent to the client. <AuthBy UNIX> caches the password file and group file internally, and rereads the files when the modification time changes. If the Nocache parameter is set the password and group files will be reread for every authentication.
It is important to note that on its own, <AuthBy UNIX> does not implement check or reply items, and therefore can only be used for “Authenticate only” applications. However, you can use it in conjunction with another AuthBy module that does use check and reply items. For more information, see Section 7. Check and reply items. If you do this, you can also use the Group check item, which will check whether the user is a member of a group defined in the GroupFilename file.
Tip
You can use AddToReply to easily add standard reply items to all users authenticated by <AuthBy UNIX>. For more information see Section 3.11.20. AddToReply
<AuthBy UNIX> understands also the same parameters as <AuthBy xxxxxx>. For more information, see Section 3.26. <AuthBy xxxxxx>.