template user

Alan DeKok aland at deployingradius.com
Mon Nov 8 14:02:10 CET 2021


On Nov 7, 2021, at 11:50 PM, Farzad Sadeghi <thabogre at gmail.com> wrote:
> 
> Is there a way to use the same functionality as freebsd's pam_radius'
> "template_user"?
> the template_user option allows a user to authenticate as a "generic" user
> with a predefined template using radius on systems where they don't have a
> local account.

  Unfortunately, the PAM API does not provide a way for the PAM module to set UID / GID / etc.  And the PAM documentation is horrifically opaque.

  That being said, the "template_user" functionality seems relatively simple:

https://github.com/moe123/freebsd/blob/master/lib/libpam/modules/pam_radius/pam_radius.c#L309

  That might work, but I don't have time to test it right now.  If you could try porting that code to the pam_auth_radius module, that would help.  If it works, we can add that feature in.

  Alan DeKok.




More information about the Freeradius-Users mailing list