Add the krb5/FreeIPA RADIUS companion daemon

This daemon listens for RADIUS packets on a well known UNIX domain socket. When a packet is received, it queries LDAP to see if the user is configured for RADIUS authentication. If so, then the packet is forwarded to the 3rd party RADIUS server. Otherwise, a bind is attempted against the LDAP server. https://fedorahosted.org/freeipa/ticket/3366 http://freeipa.org/page/V3/OTP
author: Nathaniel McCallum <npmccallum@redhat.com> 2013-04-11 14:03:25 -0400
committer: Martin Kosek <mkosek@redhat.com> 2013-05-17 09:30:51 +0200
commit: 203754691c28243dd3cf378e98390fc0a455b485 (patch)
tree: f1574334a744f2b2b54c90a0eec08a985151447b /daemons/ipa-otpd/ipa-otpd.socket.in
parent: 5d51ae50a59466fa2d6d230d7f2879de34210f0c (diff)
download: freeipa-203754691c28243dd3cf378e98390fc0a455b485.tar.gz
freeipa-203754691c28243dd3cf378e98390fc0a455b485.tar.xz
freeipa-203754691c28243dd3cf378e98390fc0a455b485.zip
1 files changed, 11 insertions, 0 deletions
diff --git a/daemons/ipa-otpd/ipa-otpd.socket.in b/daemons/ipa-otpd/ipa-otpd.socket.in
new file mode 100644
index 000000000..b968beaa7
--- /dev/null
+++ b/daemons/ipa-otpd/ipa-otpd.socket.in
@@ -0,0 +1,11 @@
+[Unit]
+Description=ipa-otpd socket
+
+[Socket]
+ListenStream=@krb5kdcdir@/DEFAULT.socket
+ExecStopPre=@UNLINK@ @krb5kdcdir@/DEFAULT.socket
+SocketMode=0600
+Accept=true
+
+[Install]
+WantedBy=krb5kdc.service
author	Nathaniel McCallum <npmccallum@redhat.com>	2013-04-11 14:03:25 -0400
committer	Martin Kosek <mkosek@redhat.com>	2013-05-17 09:30:51 +0200
commit	203754691c28243dd3cf378e98390fc0a455b485 (patch)
tree	f1574334a744f2b2b54c90a0eec08a985151447b /daemons/ipa-otpd/ipa-otpd.socket.in
parent	5d51ae50a59466fa2d6d230d7f2879de34210f0c (diff)
download	freeipa-203754691c28243dd3cf378e98390fc0a455b485.tar.gz freeipa-203754691c28243dd3cf378e98390fc0a455b485.tar.xz freeipa-203754691c28243dd3cf378e98390fc0a455b485.zip