#  -*- text -*-
#
#
#  $Id: 0529fa24c9cb0eec12cc70ded32f58edb2283ca8 $

#######################################################################
#
#  = Unix Module
#
#  The `unix` module calls the system `getpwnam()` functions to get
#  the `known good` password for the `User-Name`.
#
#  If the passwords are in /etc/shadow, you will need to set the
#  `group` configuration in `radiusd.conf` so that the server can read
#  /etc/shadow.
#
#  Look for "shadow", and follow the instructions there.
#
#  NOTE: This password is usually in the `crypt` form, and is incompatible
#  with `CHAP`, `MS-CHAP`, `PEAP`, etc*.
#
#  == Group Comparisons
#
#  The module also registers a Unix group expansion, where it is possible
#  to check if the user is a member of a particular Unix group.
#
#    if (%unix.group(admin)) { ...
#
#  The expansion returns `true` if the `User-Name` is a membber of the given
#  group, and `false` otherwise.
#
#  The old `Unix-Group`, `Group`, and `Group-Name` attributes and comparisons
#  are no longer supported.
#

#
#  ## Configuration Settings
#
unix {
	#
	#  radwtmp:: The location of the `wtmp` file.
	#
	#  The only use for `radlast`.  If you don't use `radlast`,
	#  then you can comment out this item.
	#
	#  NOTE: The radwtmp file may get large!  You should rotate it
	#  (cp /dev/null radwtmp), or just not use it.
	#
	#  The default is to not use radwtmp files.  It's better to
	#  use a database.
	#
#	radwtmp = ${logdir}/radwtmp
}
