Pam radius authentication

danieldinu at rdslink.ro danieldinu at rdslink.ro
Tue Oct 17 08:48:19 CEST 2006


First of all, thank you for your reply. Until now, you are the only one.

Now, let's take it step by step:

This is a part of INSTALL:
**********************************************************************
 Redhat Linux > 5.0
**********************************************************************

  make.

  Copy 'pam_radius_auth.so' to /lib/security/pam_radius_auth.so

  In the per-application configuration (/etc/pam.d/application) add:

auth       sufficient   /lib/security/pam_radius_auth.so

  AFTER

auth       required     /lib/security/pam_securetty.so

  and BEFORE

auth       required     /lib/security/pam_unix_auth.so

  i.e.

auth       required     /lib/security/pam_securetty.so
auth       sufficient   /lib/security/pam_radius_auth.so
auth       required     /lib/security/pam_unix_auth.so

My Linux is RedHat 9, so this part pertains to my machine: "Redhat Linux > 5.0"

"make.

  Copy 'pam_radius_auth.so' to /lib/security/pam_radius_auth.so" - already did...

"In the per-application configuration (/etc/pam.d/application) add:" - I want to use pam radius to authenticate ssh logins, so "(/etc/pam.d/application)" becomes "/etc/pam.d/sshd"

"auth       required     pam_securetty.so
auth       sufficient   pam_radius_auth.so debug
auth       required     /lib/security/pam_unix_auth.so"
- This part from INSTALL is identical to my /etc/pam.d/sshd... All of these modules deal with authentication ("auth"). pam_securetty verifies if root can log in through tty by reading /etc/securetty. "required" means that this step is mandatory and that after this verification, the next authentication method will take place.
This is where pam_radius_auth comes. The messages are exchanged as explained in my previous e-mail. "sufficient" means that if this authentication succeeds, the following authentication methods will not be checked... in other terms: "auth       required     /lib/security/pam_unix_auth.so" will be passed.

I don't understand why you are saying that "you are invoking pam_radius_auth in the wrong place and for the wrong reason"... Please be more specific, and if you know the right configuration, enlighten me!

Again, any help would be appreciated!




>
>Hi,
>
>> anyone??? pls!!! no suggestions at all ? :(
>
>I'd read the INSTALL doc that comes as part of the pam_radius
>tool.
>
>> >   - cat /etc/pam.d/sshd
>> >#%PAM-1.0
>> >auth       required     pam_securetty.so
>> >auth       sufficient   pam_radius_auth.so debug
>> >auth       required     /lib/security/pam_unix_auth.so
>> >account    required     pam_radius_auth.so debug
>> >password   required     pam_stack.so service=system-auth
>> >session    required     pam_stack.so service=system-auth
>> >session    required     pam_limits.so
>> >session    optional     pam_console.so
>
>no. you're invoking pam_radius_auth in the wrong place and for the wrong reason.
>again the INSTALL is your friend.
>
>
>your radius configuration appears to be correct
>
>alan
>- 
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
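
Added example, not part of the original thread and not code from pam_radius_auth or Linux-PAM: a simplified Python model of how the "required" and "sufficient" control flags combine, run over the auth lines of the /etc/pam.d/sshd quoted above. The module outcomes are constructed inputs, and parse_stack and evaluate are hypothetical helper names.

```python
import os

# The /etc/pam.d/sshd lines quoted in this thread (abridged).
SSHD_PAM = """\
#%PAM-1.0
auth       required     pam_securetty.so
auth       sufficient   pam_radius_auth.so debug
auth       required     /lib/security/pam_unix_auth.so
account    required     pam_radius_auth.so debug
"""

def parse_stack(text, group="auth"):
    """Return [(control, module_name)] for one management group."""
    stack = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] != group:   # skips comments and other groups
            continue
        stack.append((fields[1], os.path.basename(fields[2])))
    return stack

def evaluate(stack, results):
    """Model 'required' and 'sufficient' only; return (granted, modules_called).

    results maps module name -> True (success) or False (failure). These are
    constructed inputs; no real PAM module is called.
    """
    required_failed = False
    any_success = False
    called = []
    for control, module in stack:
        ok = results[module]
        called.append(module)
        if control == "required":
            # A failure is remembered, but the rest of the stack still runs.
            if ok:
                any_success = True
            else:
                required_failed = True
        elif control == "sufficient":
            # Success ends the stack only if no earlier 'required' failed;
            # a failure here is ignored.
            if ok and not required_failed:
                return True, called
        else:
            raise ValueError("control flag not modelled: " + control)
    return any_success and not required_failed, called
```

With this stack a RADIUS failure falls through to pam_unix_auth, so a valid local password still grants access, and a RADIUS success does not override an earlier failed "required" module.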




