Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Contact Us
Online Help
Domain Status
Man Pages

Virtual Servers

Topology Map

Server Agreement
Year 2038

USA Flag



Man Pages

Manual Reference Pages  -  NET::RADIUS::SERVER (3)

.ds Aq ’


Net::Radius::Server - Framework for RADIUS Servers



  use Net::Radius::Server;


Net::Radius::Server provides an extensible framework to create RADIUS servers suitable for non-standard scenarios where authentication needs to consider multiple factors. The RADIUS responses may be created by arbitrarily complex rules that process the request packet as well as any external data accessible to Perl.

RADIUS request processing can as well include custom — and sometimes complex — processes. For instance, you could want to record a copy of every RADIUS request received by the server for audit purposes.

The following modules or module hierarchies are included in this distribution as well:
Net::Radius::Server::NS This class uses Net::Server(3) to construct a complete RADIUS server.
Net::Radius::Server::Base A general base class that contains exported constants and methods for the framework.
Net::Radius::Server::DBStore Provide access to an underlying Berkeley DB Database for storing attributes received in the RADIUS requests or in any tuple provided at transaction processing time.
Net::Radius::Server::Match The base model for match methods. Match methods are used to decide whether a given rule can be applied. Match methods usually operate on the RADIUS request as well as the peer data and other environmental factors.
Net::Radius::Server::Match::Simple This is a simplistic match-method factory that can test for a variety of conditions (peer address and port, RADIUS request type, presence and contents of specific attribues).
Net::Radius::Server::Set The base model for set methods. Set methods are expected to craft a response packet and instruct the RADIUS server how/when/if respond to the given request.
Net::Radius::Server::Set::Simple An example of set-method factory class. It allows for setting specific RADIUS attributes, both standard and vendor-specific and setting packet codes.
As you might have guessed by now, implementation of new features is done through subclassing and overriding of selected functions. This provides for an isolated yet well integrated environment.

    The invocation hashref

Net::Radius::Server::Match ->match() methods, Net::Radius::Server::Set ->set() methods and the secret, dictionary and rule subs described in Net::Radius::Server::NS are invoked passing a single hash reference as argument. This hash reference is shared through all the calls, providing an effective means to have those objects share some space on a per-request basis.

The hashref contains the following entries:
<B>packetB> The RADIUS packet data received with no conversions.
<B>peer_addrB> The address of the peer that sent the RADIUS packet.
<B>peer_hostB> If available, the reverse of <B>peer_addrB>.
<B>peer_portB> The socket port used by our peer to send the RADIUS packet.
<B>portB> The local socket port through which the RADIUS packet was received.
<B>serverB> Only available under Net::Radius::Server::NS, this is the Net::Server object used to service requests.
<B>secretB> Only available after calling the method returned by the nrs_secret_script under Net::Radius::Server::NS. This is the RADIUS shared secret used to encode and decode valid requests.
<B>dictB> Only available after calling the method returned by the nrs_dictionary_script under Net::Radius::Server::NS. This is the RADIUS dictionary used to encode and decode valid requests.
<B>requestB> After succesful decoding, that requires both a correct secret and a dictionary, this entry contains the RADIUS request in a Net::Radius::Packet object.
<B>responseB> After succesful decoding, that requires both a correct secret and a dictionary, this entry contains an empty RADIUS packet as a Net::Radius::Packet object. ->set() methods are expected to modify this packet to craft a suitable response.

    Using Linux-PAM and LDAP

The accompanying modules can use LDAP and Linux-PAM to authenticate users or otherwise, make more complex choices. An example used by the author, uses an LDAP attribute to decide if the username must be authenticated through RADIUS proxying or against an LDAP server.

Other uses are possible, such as adding specific RADIUS attributes to the responses based on LDAP attributes.


None by default.


  Revision 1.4  2007/01/02 23:27:11  lem
  Added missing prerequisites. Also documented what can be done with
  LDAP and Linux-PAM

  Revision 1.3  2006/12/14 15:52:25  lem
  Fix CVS tags


Perl(1), Net::Radius::Packet(3), Net::Radius::Server::NS(3), Net::Server(3).


Luis E. Munõz, <>


Copyright (C) 2006 by Luis E. Munõz

This library is free software; you can redistribute it and/or modify it under the same terms as Perl 5.8.6 itself.


Hey! <B>The above document had some coding errors, which are explained below:B>
Around line 182: Non-ASCII character seen before =encoding in ’Munõz,’. Assuming UTF-8
Search for    or go to Top of page |  Section 3 |  Main Index

perl v5.20.3 NET::RADIUS::SERVER (3) 2009-10-15

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.