
RADIUS.FSM(5)

NAME

radius.fsm - Interlink AAA Server finite state machine configuration file

SYNOPSIS

../raddb/radius.fsm

DESCRIPTION

The radius.fsm file resides in the ../raddb directory. It contains an entry for each state in the Interlink AAA Server finite state machine (FSM) table. This file is optional and is used to modify the built-in (default) sequence of actions performed by the Interlink AAA Server.

Comments are indicated by leading pound sign ('#') characters. All such comment lines are ignored (as are blank lines).

Each state consists of one or more entries described below. Each state starts with a line containing just the name of the state followed by a colon (':') character. Subsequent lines have three required, and two optional, white-space delimited fields. There is one line of the following form for each expected event this state should handle:

    <event> <action> <next-state> [<name=value>] [<name=string>]

For example:

    Start:
        *.*.AUTHEN              AUTHENTICATE  Await
    Await:
        Start.AUTHENTICATE.ACK  REPLY         Hold
    Hold:
        *.*.TIMEOUT             NULL          End

The <event> field describes an event which has occurred and upon which the current state may be able to act. The event field consists of three sub-fields separated by the period ('.') character.

The first sub-field is the name of the state from which the event was generated. This field may contain the "*" character to indicate a wild card state which matches any state.

The second sub-field is the name of the action which generated the event. This field may contain the "*" character to indicate a wild card action which matches any action. This action is the name of an Authentication/Authorization Transfer Vector (AATV, see below and the various Interlink authored white pages in the doc directory such as aatv.txt, aatv.cookbook.txt and binary.aatv.cookbook.txt).

The third sub-field is the name of an event from the list found in the include file, radius.h, for the Interlink AAA Server.
Here is a sample list of some of these events:

    ACK        acknowledgment of the previous action
    NAK        negative acknowledgment of the previous action
    WAIT       the previous action generated a pending event
    ERROR      the previous action generated an error
    FATAL      the previous action generated a fatal error
    DUP        the incoming request is a duplicate
    TIMER      the timer value has expired
    TIMEOUT    the request has timed out due to inactivity
    AUTHEN     the incoming request is an Access-Request
    ACCT       the incoming request is an Accounting-Request
    PASSWD     the incoming request is a Passwd-Request
    REACCESS   the incoming request is an Access-Request with State
    ACC_CHAL   the incoming request is an Access-Challenge
    MGT_POLL   the incoming request is a Status-Server
    AUTH_ONLY  the incoming request is for Authentication-Only
    RC1        general purpose return code of one
    RC2        general purpose return code of two
    RC3        general purpose return code of three
    RC4        general purpose return code of four
    RC5        general purpose return code of five
    RC6        general purpose return code of six
    RC7        general purpose return code of seven
    RC8        general purpose return code of eight
    RC9        general purpose return code of nine
    RC10       general purpose return code of ten
    RC11       general purpose return code of eleven
    RC12       general purpose return code of twelve

The <action> field is the name of an AATV action function to invoke when the associated <event> occurs.
Here is a sample list of some of these AATVs:

    ACK           utility AATV used to always signify success
    ACCT          the AATV for Accounting requests
    AKERB         the AATV for AFS Kerberos Authentication
    AUTHENTICATE  the AATV for Authentication requests
    CLEANUP       utility AATV used to exit the FSM
    FILE          the AATV for FILE Authentication (available only with the Advanced Interlink AAA Server)
    KCHAP         the AATV for KCHAP Authentication
    KILL          utility AATV used to remove pending events
    LDAP          the AATV for LDAP authentication (available only with the Advanced Interlink AAA Server)
    LOG           utility AATV used to log some error (available only with the Advanced Interlink AAA Server)
    MKERB         the AATV for MIT Kerberos Authentication
    NULL          utility NULL AATV
    PASSWD        the AATV used to handle Passwd-Requests
    PENDING       utility AATV used to test for pending events
    RAD2RAD       the AATV used to send RADIUS proxy requests
    RADDNS        the AATV for resolving DNS names
    RADIUS        the main AATV in the Interlink AAA Server
    REALM         the AATV for handling realm based Authentication
    REDO          utility AATV used to re-invoke an action
    REPLY         utility AATV used to send a RADIUS reply
    SRV_STATUS    the AATV for Status-Server requests
    TACACS        the AATV for TACACS Authentication
    TIMEOUT       utility AATV used to do timeout logging
    TIMER         utility AATV used to initialize the timeout value
    UNIX-PW       the AATV for UNIX password file Authentication

The <next-state> field indicates which state the FSM should enter following the completion of the <action>, even if that <action> was deferred in one of several ways allowed for an AATV. Each such state must appear in the configuration file alone on a line and followed by a colon (':') character.

The optional <name=value> and <name=string> fields are simple keyword/value pairs which allow any AATV to be given an arbitrary integer or string value (or both) as configured in the FSM table. The name for integer values is XVALUE and the name for string values is XSTRING.
NOTE: Only one action may result from entering any state, and it comes from the first entry which matches the given event.

If the file radius.fsm does not exist, the server will use a built-in FSM table. Here is a sample of one such built-in FSM table:

    Start:
        *.+AUTHEN.ACK     AUTHENTICATE  REPLYhold
        *.+AUTH_ONLY.ACK  AUTHENTICATE  REPLYhold
        *.+ACCT.ACK       ACCT          REPLYhold
        *.+MGT_POLL.ACK   SRV_STATUS    REPLYhold
        *.*.NAK           REPLY         End
    REPLYhold:
        *.*.ACK           REPLY         Hold
        *.*.NAK           REPLY         Hold
        *.*.ACC_CHAL      REPLY         Hold
    Hold:
        *.*.TIMEOUT       NULL          End
    End:

The radius.fsm file is read by radiusd upon startup, or when a HUP signal is received by radiusd. The Interlink AAA Server detects any out-of-date configuration files upon receipt of a Status-Server (or Management-Poll) request and re-reads all the configuration files.

This file is maintained by the system administrator using a text editor.
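An added example, not part of the Interlink distribution: a small Python linter for the format described above that reports next-states never defined in the file and entries that can never fire because an earlier entry in the same state already matches (the first-match rule in the NOTE). It assumes option values contain no white space and treats only "*" as a wild card, so the "+" prefix seen in the built-in table is compared literally; the names parse_fsm, covers and lint are hypothetical.

```python
# Constructed sample in the radius.fsm layout described above (not a shipped table).
SAMPLE = """\
# "Awiat" is a deliberate typo; the second Await entry can never fire.
Start:
    *.*.AUTHEN              AUTHENTICATE  Await
    *.*.ACCT                ACCT          Awiat
Await:
    *.*.ACK                 REPLY         Hold
    Start.AUTHENTICATE.ACK  REPLY         Hold  XVALUE=1
    *.*.NAK                 REPLY         Hold
Hold:
    *.*.TIMEOUT             NULL          End
End:
"""

def parse_fsm(text):
    """Return {state: [(event, action, next_state, extras), ...]} in file order."""
    table, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue                      # blank lines and comments are ignored
        if len(fields) == 1 and fields[0].endswith(":"):
            current = fields[0][:-1]      # "Name:" alone on a line opens a state
            table.setdefault(current, [])
            continue
        # Assumption: XVALUE/XSTRING values carry no embedded white space.
        extras_ok = all(f.startswith(("XVALUE=", "XSTRING=")) for f in fields[3:])
        if (current is None or not 3 <= len(fields) <= 5
                or fields[0].count(".") != 2 or not extras_ok):
            raise ValueError(f"line {lineno}: malformed entry: {raw!r}")
        table[current].append((fields[0], fields[1], fields[2], fields[3:]))
    return table

def covers(earlier, later):
    """True if `earlier` matches every event `later` matches (assumes '*' is the only wild card)."""
    return all(e in ("*", l) for e, l in zip(earlier.split("."), later.split(".")))

def lint(table):
    """Flag undefined next-states and entries hidden by the first-match rule."""
    findings = []
    for state, entries in table.items():
        for i, (event, _action, nxt, _extras) in enumerate(entries):
            if nxt not in table:
                findings.append((state, event, f"undefined next-state {nxt}"))
            hider = next((p[0] for p in entries[:i] if covers(p[0], event)), None)
            if hider:
                findings.append((state, event, f"shadowed by {hider}"))
    return findings
```

Run lint(parse_fsm(...)) on a candidate radius.fsm before sending radiusd a HUP, so a mistyped state name or a masked entry is caught before the server re-reads the table.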

FILES

    .../raddb/radius.fsm               finite state machine configuration file
    .../src/radius.h                   the main Interlink AAA Server include file
    .../doc/aatv.txt                   introduction to AATV concepts
    .../doc/aatv.cookbook.txt          how to write an AATV
    .../doc/binary.aatv.cookbook.txt   how to write a binary AATV

SEE ALSO

signal(3), radiusd(8)
