dearambermini at gmail.com
Tue Jun 26 03:30:19 CEST 2018
Another point I would like to bring forth is that pam_radius_auth.so is
also one of the pam modules ( it implements thoese pam_sm_*(...) APIs) .
You might be right that another pam module is failing to cause the issue
but such pam modules conflicts would have been an issue when you were
In this way, you might know which pam module is the culprit?
I commented all the pam modules in /etc/pam.d/sshd except
pam_radius_auth.so, restart ssh service, but the password passed to radius
server is still a mess... So should I comment more pam modules in
common-auth or common-password?
On Tue, Jun 26, 2018 at 10:51 AM, Alan DeKok <aland at deployingradius.com>
> On Jun 25, 2018, at 8:10 PM, Hailun Tan <dearambermini at gmail.com> wrote:
> > I think my problem is related to the following thread a couple of years
> > http://freeradius.1045715.n5.nabble.com/ssh-authentication-
> > However, in the link above, no one has ever mentioned how to configurate
> > PAM to read the password from the conversation function correctly?
> You don't.
> The problem is that ANOTHER PAM module is failing. So the PAM libraries
> are mangling the password.
> There is NOTHING you can do to FreeRADIUS or pam_radius_auth to fix the
> You MUST modify the PAM configuration on the client machine to remove
> the problem PAM module.
> > The replies kept saying modifying PAM modules instead of
> > pam_radius_auth.so. But to be honest, the pam_radius_auth.c is one of the
> > customized PAM modules. If pam_radius_auth.so is not the one to be
> > modified, which one should be? No one has ever given any answers to
> The answers in the link you posted are pretty clear.
> > I hate asking the same question repeatedly. However, unless a viable
> > solution is given, these question will keep popping back to the mail
> > So for those free radius gurus, please advise how to fix it even though
> > might not directly be related to free radius.
> Fix the PAM configuration on the client. The link you posted says this.
> How to fix it? I don't know... go ask the PAM people how their software
> Alan DeKok.
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
More information about the Freeradius-Users