

Exec-Program-Wait

ATTRIBUTE Exec-Program-Wait 1039 string
Users: -R
Hints: --
Huntgroups: --
Additivity: Replace
Proxy propagated: No

When present in the RHS, the Exec-Program-Wait attribute specifies the full pathname and arguments of the program to be executed when the entry matches.

The command line can reference any attributes from both the check and reply pairlists using attribute macros (see section Macro Substitution).

Before executing the program, radiusd switches to the uid and gid of user daemon, group daemon. You can override these defaults by setting the variable exec-program-user in the configuration file to a proper value (see section option block).

The daemon will wait until the program terminates. The return value of its execution determines whether the entry matches. If the program exits with a non-zero code, the match fails. If it exits with a zero code, the match succeeds. In this case the standard output of the program is read and parsed as if it were a pairlist. The attributes thus obtained are added to the entry's reply attributes.

Example

Suppose the `users' file contains the following entry:

    DEFAULT Auth-Type = System,
                    Simultaneous-Use = 1
            Exec-Program-Wait = "/usr/local/sbin/telauth \
                                 %C{User-Name} \
                                 %C{Calling-Station-Id}"

Then, upon successful matching, the program `/usr/local/sbin/telauth' will be executed. It will get as its arguments the values of User-Name and Calling-Station-Id attributes from the request pairs.

The `/usr/local/sbin/telauth' can, for example, contain the following:

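    #! /bin/sh
    # $1 = User-Name, $2 = Calling-Station-Id (passed by radiusd)
    
    DB=/var/db/userlist
    
    # -q: print nothing, so only the pairs below reach radiusd on stdout
    # -x -F: compare the whole line as a fixed string, not as a regex
    if grep -qxF -- "$1:$2" "$DB"; then
            echo "Service-Type = Login,"
            echo "Session-Timeout = 1200"
            exit 0
    else
            # non-zero exit: the match fails
            echo "Reply-Message = \"You are not authorized to log in\""
            exit 1
    fi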

It is assumed that `/var/db/userlist' contains a list of username:caller-id pairs for those users that are authorized to use login service.
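The arguments handed to a script like `telauth' come from the request, so the remote client chooses them. The following added example (not part of the manual or of GNU Radius) compares a pattern lookup with an exact fixed-string lookup against a constructed userlist; the function names, the temporary file and the allowed-character set are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: two ways of looking up "user:caller-id" in a userlist.
# All names and data here are constructed for illustration.

# Write a constructed userlist to a temporary file and print its path.
make_db() {
    db=$(mktemp) || return 1
    printf '%s\n' 'alice:5551234' 'bob:5559876' > "$db"
    printf '%s\n' "$db"
}

# Pattern lookup: the arguments are interpreted as a regular expression
# and may match any part of a line.
match_regex() {   # usage: match_regex USER CALLER DB
    grep -q "$1:$2" "$3"
}

# Exact lookup: reject empty values and any character outside an assumed
# allow-list (this also rejects ':' and newlines, which would otherwise
# split the field or the pattern), then compare the whole line literally.
match_exact() {   # usage: match_exact USER CALLER DB
    [ -n "$1" ] && [ -n "$2" ] || return 1
    case "$1$2" in
        *[!A-Za-z0-9._@+-]*) return 1 ;;
    esac
    grep -qxF -- "$1:$2" "$3"
}

# Print reply pairs only on an exact match; the exit status tells
# radiusd whether the entry matches.
telauth() {       # usage: telauth USER CALLER DB
    if match_exact "$1" "$2" "$3"; then
        echo "Service-Type = Login,"
        echo "Session-Timeout = 1200"
        return 0
    fi
    return 1
}

# Demonstration on the constructed data.
demo_db=$(make_db)
match_regex '.*' '.*' "$demo_db" && echo "pattern lookup accepts '.*'"
match_exact '.*' '.*' "$demo_db" || echo "exact lookup rejects '.*'"
rm -f "$demo_db"
```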

