<div dir="ltr">Thanks Eero and Alan, this is exactly the information I was looking for.<div><br></div><div>I had a feeling that a new "feature" wasn't going to be necessary, thanks for the confirmation.</div>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, May 14, 2014 at 12:05 PM, Eero Volotinen <span dir="ltr"><<a href="mailto:eero.volotinen@iki.fi" target="_blank">eero.volotinen@iki.fi</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">this is pam related configuration..<div><br></div><div>take look of this example:</div><div><br></div><div>
<div style="color:rgb(51,51,51);margin:0px!important;padding:0px 1em 0px 0px!important;border-top-left-radius:0px!important;border-top-right-radius:0px!important;border-bottom-right-radius:0px!important;border-bottom-left-radius:0px!important;background-image:none!important;border:0px!important;float:none!important;min-height:auto!important;line-height:20px!important;outline:0px!important;overflow:visible!important;vertical-align:baseline!important;width:auto!important;font-family:Consolas,'Bitstream Vera Sans Mono','Courier New',Courier,monospace!important;font-size:14px!important;min-height:inherit!important;white-space:nowrap!important">

<code style="font-family:Consolas,'Bitstream Vera Sans Mono','Courier New',Courier,monospace!important;border-top-left-radius:0px!important;border-top-right-radius:0px!important;border-bottom-right-radius:0px!important;border-bottom-left-radius:0px!important;background-image:none!important;border:0px!important;float:none!important;min-height:auto!important;margin:0px!important;outline:0px!important;overflow:visible!important;padding:0px!important;vertical-align:baseline!important;width:auto!important;min-height:inherit!important;color:rgb(0,0,0)!important"># Prevent the following </code><code style="font-family:Consolas,'Bitstream Vera Sans Mono','Courier New',Courier,monospace!important;border-top-left-radius:0px!important;border-top-right-radius:0px!important;border-bottom-right-radius:0px!important;border-bottom-left-radius:0px!important;background-image:none!important;border:0px!important;float:none!important;min-height:auto!important;margin:0px!important;outline:0px!important;overflow:visible!important;padding:0px!important;vertical-align:baseline!important;width:auto!important;min-height:inherit!important;color:rgb(0,153,0)!important">1</code> <code style="font-family:Consolas,'Bitstream Vera Sans Mono','Courier New',Courier,monospace!important;border-top-left-radius:0px!important;border-top-right-radius:0px!important;border-bottom-right-radius:0px!important;border-bottom-left-radius:0px!important;background-image:none!important;border:0px!important;float:none!important;min-height:auto!important;margin:0px!important;outline:0px!important;overflow:visible!important;padding:0px!important;vertical-align:baseline!important;width:auto!important;min-height:inherit!important;color:rgb(0,0,0)!important">rule from applying to root</code></div>

<div style="color:rgb(51,51,51);margin:0px!important;padding:0px 1em 0px 0px!important;border-top-left-radius:0px!important;border-top-right-radius:0px!important;border-bottom-right-radius:0px!important;border-bottom-left-radius:0px!important;background-image:none!important;border:0px!important;float:none!important;min-height:auto!important;line-height:20px!important;outline:0px!important;overflow:visible!important;vertical-align:baseline!important;width:auto!important;font-family:Consolas,'Bitstream Vera Sans Mono','Courier New',Courier,monospace!important;font-size:14px!important;min-height:inherit!important;white-space:nowrap!important">

<code style="font-family:Consolas,'Bitstream Vera Sans Mono','Courier New',Courier,monospace!important;border-top-left-radius:0px!important;border-top-right-radius:0px!important;border-bottom-right-radius:0px!important;border-bottom-left-radius:0px!important;background-image:none!important;border:0px!important;float:none!important;min-height:auto!important;margin:0px!important;outline:0px!important;overflow:visible!important;padding:0px!important;vertical-align:baseline!important;width:auto!important;min-height:inherit!important;color:rgb(0,0,0)!important">auth [</code><code style="font-family:Consolas,'Bitstream Vera Sans Mono','Courier New',Courier,monospace!important;border-top-left-radius:0px!important;border-top-right-radius:0px!important;border-bottom-right-radius:0px!important;border-bottom-left-radius:0px!important;background-image:none!important;border:0px!important;float:none!important;min-height:auto!important;margin:0px!important;outline:0px!important;overflow:visible!important;padding:0px!important;vertical-align:baseline!important;width:auto!important;font-weight:bold!important;min-height:inherit!important;color:rgb(51,102,153)!important">default</code><code style="font-family:Consolas,'Bitstream Vera Sans Mono','Courier New',Courier,monospace!important;border-top-left-radius:0px!important;border-top-right-radius:0px!important;border-bottom-right-radius:0px!important;border-bottom-left-radius:0px!important;background-image:none!important;border:0px!important;float:none!important;min-height:auto!important;margin:0px!important;outline:0px!important;overflow:visible!important;padding:0px!important;vertical-align:baseline!important;width:auto!important;min-height:inherit!important;color:rgb(0,0,0)!important">=</code><code style="font-family:Consolas,'Bitstream Vera Sans Mono','Courier New',Courier,monospace!important;border-top-left-radius:0px!important;border-top-right-radius:0px!important;border-bottom-right-radius:0px!important;border-bottom-left-radius:0px!important;background-image:none!important;border:0px!important;float:none!important;min-height:auto!important;margin:0px!important;outline:0px!important;overflow:visible!important;padding:0px!important;vertical-align:baseline!important;width:auto!important;min-height:inherit!important;color:rgb(0,153,0)!important">1</code> <code style="font-family:Consolas,'Bitstream Vera Sans Mono','Courier New',Courier,monospace!important;border-top-left-radius:0px!important;border-top-right-radius:0px!important;border-bottom-right-radius:0px!important;border-bottom-left-radius:0px!important;background-image:none!important;border:0px!important;float:none!important;min-height:auto!important;margin:0px!important;outline:0px!important;overflow:visible!important;padding:0px!important;vertical-align:baseline!important;width:auto!important;min-height:inherit!important;color:rgb(0,0,0)!important">success=ignore] pam_succeed_if.so uid > </code><code style="font-family:Consolas,'Bitstream Vera Sans Mono','Courier New',Courier,monospace!important;border-top-left-radius:0px!important;border-top-right-radius:0px!important;border-bottom-right-radius:0px!important;border-bottom-left-radius:0px!important;background-image:none!important;border:0px!important;float:none!important;min-height:auto!important;margin:0px!important;outline:0px!important;overflow:visible!important;padding:0px!important;vertical-align:baseline!important;width:auto!important;min-height:inherit!important;color:rgb(0,153,0)!important">0</code></div>

<div style="color:rgb(51,51,51);margin:0px!important;padding:0px 1em 0px 0px!important;border-top-left-radius:0px!important;border-top-right-radius:0px!important;border-bottom-right-radius:0px!important;border-bottom-left-radius:0px!important;background-image:none!important;border:0px!important;float:none!important;min-height:auto!important;line-height:20px!important;outline:0px!important;overflow:visible!important;vertical-align:baseline!important;width:auto!important;font-family:Consolas,'Bitstream Vera Sans Mono','Courier New',Courier,monospace!important;font-size:14px!important;min-height:inherit!important;white-space:nowrap!important">

<code style="font-family:Consolas,'Bitstream Vera Sans Mono','Courier New',Courier,monospace!important;border-top-left-radius:0px!important;border-top-right-radius:0px!important;border-bottom-right-radius:0px!important;border-bottom-left-radius:0px!important;background-image:none!important;border:0px!important;float:none!important;min-height:auto!important;margin:0px!important;outline:0px!important;overflow:visible!important;padding:0px!important;vertical-align:baseline!important;width:auto!important;min-height:inherit!important;color:rgb(0,0,0)!important"># Configure PAM to use RADIUS with possible to local fallback, only </code><code style="font-family:Consolas,'Bitstream Vera Sans Mono','Courier New',Courier,monospace!important;border-top-left-radius:0px!important;border-top-right-radius:0px!important;border-bottom-right-radius:0px!important;border-bottom-left-radius:0px!important;background-image:none!important;border:0px!important;float:none!important;min-height:auto!important;margin:0px!important;outline:0px!important;overflow:visible!important;padding:0px!important;vertical-align:baseline!important;width:auto!important;font-weight:bold!important;min-height:inherit!important;color:rgb(51,102,153)!important">if</code> <code style="font-family:Consolas,'Bitstream Vera Sans Mono','Courier New',Courier,monospace!important;border-top-left-radius:0px!important;border-top-right-radius:0px!important;border-bottom-right-radius:0px!important;border-bottom-left-radius:0px!important;background-image:none!important;border:0px!important;float:none!important;min-height:auto!important;margin:0px!important;outline:0px!important;overflow:visible!important;padding:0px!important;vertical-align:baseline!important;width:auto!important;min-height:inherit!important;color:rgb(0,0,0)!important">radius/proxy server is down..</code></div>

<div style="color:rgb(51,51,51);margin:0px!important;padding:0px 1em 0px 0px!important;border-top-left-radius:0px!important;border-top-right-radius:0px!important;border-bottom-right-radius:0px!important;border-bottom-left-radius:0px!important;background-image:none!important;border:0px!important;float:none!important;min-height:auto!important;line-height:20px!important;outline:0px!important;overflow:visible!important;vertical-align:baseline!important;width:auto!important;font-family:Consolas,'Bitstream Vera Sans Mono','Courier New',Courier,monospace!important;font-size:14px!important;min-height:inherit!important;white-space:nowrap!important">

<code style="font-family:Consolas,'Bitstream Vera Sans Mono','Courier New',Courier,monospace!important;border-top-left-radius:0px!important;border-top-right-radius:0px!important;border-bottom-right-radius:0px!important;border-bottom-left-radius:0px!important;background-image:none!important;border:0px!important;float:none!important;min-height:auto!important;margin:0px!important;outline:0px!important;overflow:visible!important;padding:0px!important;vertical-align:baseline!important;width:auto!important;min-height:inherit!important;color:rgb(0,0,0)!important">auth [success=done new_authtok_reqd=done ignore=ignore </code><code style="font-family:Consolas,'Bitstream Vera Sans Mono','Courier New',Courier,monospace!important;border-top-left-radius:0px!important;border-top-right-radius:0px!important;border-bottom-right-radius:0px!important;border-bottom-left-radius:0px!important;background-image:none!important;border:0px!important;float:none!important;min-height:auto!important;margin:0px!important;outline:0px!important;overflow:visible!important;padding:0px!important;vertical-align:baseline!important;width:auto!important;font-weight:bold!important;min-height:inherit!important;color:rgb(51,102,153)!important">default</code><code style="font-family:Consolas,'Bitstream Vera Sans Mono','Courier New',Courier,monospace!important;border-top-left-radius:0px!important;border-top-right-radius:0px!important;border-bottom-right-radius:0px!important;border-bottom-left-radius:0px!important;background-image:none!important;border:0px!important;float:none!important;min-height:auto!important;margin:0px!important;outline:0px!important;overflow:visible!important;padding:0px!important;vertical-align:baseline!important;width:auto!important;min-height:inherit!important;color:rgb(0,0,0)!important">=die] pam_radius_auth.so localifdown</code></div>

</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">2014-05-14 21:43 GMT+03:00 Bob Probert <span dir="ltr"><<a href="mailto:bruisebrotherprobert@gmail.com" target="_blank">bruisebrotherprobert@gmail.com</a>></span>:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div dir="ltr">Hello all,<div><br></div><div>I'm developing PAM policy for a server in which my organization doesn't have control of the RADIUS infrastructure. This particular system is using the RADIUS PAM module only for authentication purposes -- an account must be present on the system in order for a login to be successful. </div>


<div><br></div><div>The users of this system must never have access to two accounts -- one we'll call 'system' the other is 'root'. The PAM configuration has 'PAM_RADIUS auth sufficient' prior to Unix auth. I'm concerned that if a RADIUS administrator adds an account for 'root' or 'system' in the RADIUS infrastructure, the user will then get unauthorized "root" or "system" access.</div>


<div><br></div><div>Has anyone on the list encountered a similar issue? After inspecting the RADIUS PAM module code, it appears that there aren't any hooks for disabling RADIUS auth for certain users. This appears to be a rather trivial feature to implement, if I add this functionality to the module, is there any interest in my patch? Any other ideas?</div>


<div><br></div><div>Thanks!</div></div>
<br></div></div><div class="">-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br></div></blockquote></div><br></div>
<br>-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br></blockquote></div><br></div>