Freeradius: change user passwords through pam_radius

Arran Cudbard-Bell a.cudbardb at freeradius.org
Tue May 28 00:13:28 CEST 2013


On 27 May 2013, at 18:03, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:

> 
> On 27 May 2013, at 15:26, Roberto Carna <robertocarna36 at gmail.com> wrote:
> 
>> Dear, I have a Linux box authenticating SSH users against Freeradius. It works OK.
>> 
>> When the users go into the Linux box via SSH, I need them to change their own radius passwords. For this reason, I edited the /etc/pam.d/passwd file as follow:
>> password   sufficient   pam_radius_auth.so
>> 
>> 
>> @include   common-auth
>> 
>> in order to communicate with our freeradius and change the user's password executing the "passwd" command in the shell.
>> 
>> But te passwords never chages and I get this error:
>> 
>> Password: 
>> New password: 
>> New password (again): 
>> Enter new UNIX password: 
>> Retype new UNIX password: 
>> passwd: Authentication token manipulation error
>> passwd: password unchanged
>> 
>> is it possible to do what I want ??
> 
> No.

Actually PAM radius code does have references to password change functionality. No idea how it works though. Recommend you RTFS.

https://github.com/FreeRADIUS/pam_radius/blob/master/pam_radius_auth.c

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team



More information about the Freeradius-Users mailing list