Authorization with Client PAM Library

Fajar A. Nugraha list at
Wed Oct 12 17:34:55 CEST 2011

On Wed, Oct 12, 2011 at 10:02 PM, Evan Huus <eapache at> wrote:
> The authentication part has been very simple thanks to the
> pam_radius_auth PAM module (I'm using the latest version: 1.3.17).
> Authorization has not been as simple.

what permission is that?

> The best solution I've come up with has pam_radius_auth forwarding the
> Access-Accept messages to a configurable port on the local machine.
> Our daemon can then listen on that port and extract the data it needs.
> This solution is very ugly, and I'm hoping that there's a better way
> I'm just not aware of.
> Any suggestions or information you can provide are very much appreciated.

If it's simple informations traditionally available on /etc/passwd and
such, you might have better luck hacking one of the available libnss-*
to create libnss-radius.


More information about the Freeradius-Users mailing list