pppd-radattr
Pass RADIUS attributes to pppd
SYNOPSIS
pppd [options] plugin radattr.so [radattr_options]
PARAMETERS
radattr-exec path
Specifies the absolute path to the executable that will be run after successful authentication. The attributes found in the RADIUS response will be passed as arguments to this executable.
radattr-attribute attribute_name
Specifies the RADIUS attribute name that pppd-radattr should look for. Multiple instances of this option can be used to specify multiple attributes. The value of each attribute will be passed as an argument to the executable.
DESCRIPTION
The pppd-radattr plugin for the Point-to-Point Protocol Daemon (pppd) allows pppd to send RADIUS attributes received from the authentication server to external processes. Specifically, after authentication completes, pppd-radattr searches for specific RADIUS attributes and, if found, executes a user-specified program with the values of those attributes as arguments. This enables dynamic configuration of the system based on RADIUS authentication results. The configuration of the program to be executed, attribute names, and the path to the executable are defined in the pppd configuration file.
This functionality is vital for network service providers needing to dynamically manage user sessions, bandwidth limits, or other parameters based on user authentication. It allows policies to be set centrally on the RADIUS server and enforced locally by pppd.
CAVEATS
Incorrectly configuring the path or attributes can lead to security vulnerabilities. Ensure the executable specified is trustworthy and handles inputs safely.
SECURITY CONSIDERATIONS
When using pppd-radattr, take extra care in verifying the attributes and the executable path. A misconfigured path will cause the daemon to execute the wrong program, leading to unwanted system behaviour.
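The following handler is an added example, not part of pppd-radattr, showing one way an executable named in radattr-exec can treat attribute values as untrusted input. It assumes two radattr-attribute options (Framed-IP-Address and Session-Timeout) whose values arrive as arguments in that order; the policy tool path and the timeout limit are hypothetical.

```python
#!/usr/bin/env python3
# Hypothetical radattr-exec handler (added example, not part of pppd-radattr).
# Assumption: two radattr-attribute options are configured, Framed-IP-Address
# and Session-Timeout, and their values arrive as argv in that order.
import ipaddress
import sys

MAX_SESSION_TIMEOUT = 86400  # constructed policy limit, in seconds
# Hypothetical downstream tool that applies the per-session policy.
POLICY_TOOL = "/usr/local/sbin/apply-session-policy"


def parse_framed_ip(value):
    """Accept a strict dotted-quad IPv4 address; reject special ranges."""
    addr = ipaddress.IPv4Address(value)  # ValueError on any other text
    if addr.is_loopback or addr.is_multicast or addr.is_unspecified:
        raise ValueError("address not usable for a client: %s" % addr)
    return addr


def parse_session_timeout(value):
    """Accept only short ASCII decimal strings within the policy limit."""
    if not (value.isascii() and value.isdigit() and len(value) <= 6):
        raise ValueError("timeout is not a short decimal number")
    seconds = int(value)
    if not 0 < seconds <= MAX_SESSION_TIMEOUT:
        raise ValueError("timeout out of range: %d" % seconds)
    return seconds


def build_command(argv):
    """Validate the attribute values and return an argv list.

    The result is a list for exec-style invocation, never a shell string,
    and it carries the re-serialised parsed values, not the raw input.
    """
    if len(argv) != 2:
        raise ValueError("expected 2 attribute values, got %d" % len(argv))
    addr = parse_framed_ip(argv[0])
    seconds = parse_session_timeout(argv[1])
    return [POLICY_TOOL, str(addr), str(seconds)]


def main(argv):
    try:
        cmd = build_command(argv)
    except ValueError as exc:
        print("radattr handler: rejected input: %s" % exc, file=sys.stderr)
        return 1
    print("validated command:", cmd, file=sys.stderr)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

A deployment would pass the returned list to subprocess.run() without shell=True, so that no attribute value is ever interpreted by a shell.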
HISTORY
The pppd-radattr plugin was developed to enhance the flexibility of pppd by integrating it with RADIUS authentication systems. Historically, pppd configurations were often static, requiring manual changes for each user or service. pppd-radattr provides a dynamic approach, enabling network administrators to manage user sessions and policies centrally through the RADIUS server. Its usage grew with the expansion of broadband access and the need for sophisticated access control and bandwidth management.
SEE ALSO
pppd(8), radiusd(8)