I'm trying to implement external authentication for an appliance running CentOS 7. My research turned up the easiest solution as simply installing pam_radius from the repository. I did, and it works just fine (tested against a Freeradius 3.0 server with a single test user.) Running freeradiux with '-X' indicates that is using PAP: (0) User-Name = "XXX" (0) User-Password = "XXX" (0) NAS-IP-Address = XXX.XXX.XXX.XXX (0) NAS-Identifier = "sshd" (0) NAS-Port = 15050 (0) NAS-Port-Type = Virtual (0) Service-Type = Authenticate-Only ... (0) Found Auth-Type = PAP (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (0) Auth-Type PAP { (0) pap: Login attempt with password (0) pap: Comparing with "known good" Cleartext-Password (0) pap: User authenticated successfully (0) [pap] = ok (0) } # Auth-Type PAP = ok For security reasons, I'd really like to use CHAP instead, but it doesn't seem to support that? The man pages and such don't mention CHAP. I went as far as downloading 1.4.0 and extracting the tarball and looking at the code. User-Password is Radius attribute 2, and looking at the source: 0 radius.h <global> 71 #define PW_PASSWORD 2 and 1 pam_radius_auth.c add_password 541 attr = find_attribute(request, PW_PASSWORD); 2 pam_radius_auth.c add_password 543 if (type == PW_PASSWORD) { 3 pam_radius_auth.c build_radius_packet 721 add_password(request, PW_PASSWORD, password, conf->server->secret); 4 pam_radius_auth.c build_radius_packet 727 add_password(request, PW_PASSWORD, "", conf->server->secret); 5 pam_radius_auth.c talk_radius 975 add_password(request, PW_PASSWORD, password, old_password); 6 pam_radius_auth.c talk_radius 978 add_password(request, PW_PASSWORD, password, server->secret); Am I missing something? Or am I out of luck? Thanks!