System Shell Accounts
The shell account, a popular service 5 to 10 years ago but less so now, is a unique type of connection that allowed access to the command line of a remote server. Users would dial in to some NAS gear, which would open a channel to the remote “shell server,” and the server would then prompt the user for authentication information. Assuming he provided proper credentials, the user was authenticated and got a shell prompt on the remote machine, with the NAS acting as the pass-through from the client to the server. That’s an important distinction, since with shell accounts the user is not provided with a direct IP address for the remote network. Since he doesn’t have his own IP, in this scenario he must talk with a system that does.
There are two common protocols used to connect to shell accounts on machines: Rlogin and Telnet. Rlogin was more popular, since it was the more configurable of the two, but Telnet is more secure. The RADIUS server, however, must be prepared to support both protocols. An example configuration stanza from the RADIUS users file for shell account access is listed in Example 10-1.
    Jonathan
        Service-Type = Login,
        Login-Service = Telnet,
        Login-IP-Host = 172.16.1.37

    Anna
        Service-Type = Login,
        Login-Service = Rlogin,
        Login-IP-Host = 172.16.1.38

Of course, you can default the configuration—meaning all users will use the same configuration, with Rlogin—by using the excerpt shown in Example 10-2 ...
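As an added example (not from the original text), the following Python parses the two Example 10-1 stanzas and encodes each user's reply items as the type-length-value attributes a RADIUS server would carry in its reply. The function names and the indentation-based parsing of this simplified layout are assumptions; the type codes and enumerated values are those defined in RFC 2865.

```python
import ipaddress
import struct

# RFC 2865 attribute type codes and enumerated values used by Example 10-1.
ATTR_TYPES = {"Service-Type": 6, "Login-IP-Host": 14, "Login-Service": 15}
ENUMS = {"Service-Type": {"Login": 1},
         "Login-Service": {"Telnet": 0, "Rlogin": 1}}

# The two stanzas from Example 10-1, in the simplified layout the page uses.
SAMPLE_USERS = """\
Jonathan
    Service-Type = Login,
    Login-Service = Telnet,
    Login-IP-Host = 172.16.1.37

Anna
    Service-Type = Login,
    Login-Service = Rlogin,
    Login-IP-Host = 172.16.1.38
"""

def parse_users(text):
    """Return {username: {attribute: value}}; indented lines are reply items."""
    users, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()   # drop comments and trailing space
        if not line.strip():
            continue
        if not line[0].isspace():              # unindented line starts an entry
            current = users.setdefault(line.split()[0], {})
            continue
        if current is None or "=" not in line:
            raise ValueError(f"line {lineno}: malformed or orphaned reply item")
        name, value = (part.strip() for part in line.rstrip(",").split("=", 1))
        current[name] = value
    return users

def encode_reply(attrs):
    """Encode reply items as RADIUS type-length-value attributes (RFC 2865)."""
    out = b""
    for name, value in attrs.items():
        if name not in ATTR_TYPES:
            raise ValueError(f"unsupported attribute: {name}")
        if name == "Login-IP-Host":            # 4-octet IPv4 address
            payload = ipaddress.IPv4Address(value).packed
        elif value in ENUMS[name]:             # 32-bit big-endian enumeration
            payload = struct.pack("!I", ENUMS[name][value])
        else:
            raise ValueError(f"unknown value for {name}: {value}")
        out += bytes([ATTR_TYPES[name], len(payload) + 2]) + payload
    return out
```

Calling `encode_reply(parse_users(SAMPLE_USERS)["Anna"])` returns the 18 bytes for Anna's three attributes; the only octet that differs from Jonathan's Login-Service attribute is the final one (1 for Rlogin, 0 for Telnet).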