On Sun, Feb 06, 2011 at 11:11:58AM +0000, Brian Candler wrote:
1. If pam_radius_client doesn't have the ability to bind to a particular port, then you can modify the source code to do so. The call you need is bind() after the socket has been created.
Ah, it turns out the code to do this is already there: (pam_radius_auth.c) /* * Use our process ID as a local port for RADIUS. */ local_port = (getpid() & 0x7fff) + 1024; do { local_port++; s_in->sin_port = htons(local_port); } while ((bind(conf->sockfd, &salocal, sizeof (struct sockaddr_in)) < 0) && (local_port < 64000)); if (local_port >= 64000) { close(conf->sockfd); _pam_log(LOG_ERR, "No open port we could bind to."); return PAM_AUTHINFO_UNAVAIL; } As you can see, the initial local_port is currently chosen in the range 1024 to 33791 (1024+32767), essentially at random, and if that one is in use then it keeps incrementing until it finds a free one under 64000. Adjust to use whatever range you like.
2. I think you said before you only wanted to make sure that the port was
32768. So you can configure your OS so that *all* outbound connections bind to ports >32768.
Sorry, that won't work here, because the code is choosing its local port explicitly. Regards, Brian.