I use pam_radius to protect my servers. Using the sshd file in /etc/pam.d with this config: # Standard Un*x authentication. @include common-auth auth sufficient pam_radius_auth.so client_id=server22 My common-auth(/etc/pam.d/common-auth) looks like this: auth sufficient pam_script.so auth [success=1 default=ignore] pam_unix.so nullok_secure try_first_pass auth requisite pam_deny.so auth required pam_permit.so auth optional pam_cap.so Now when I try to login using for example root account the password is sent to radius too (but system seems to ignore the radius answer). I already tried to change the order, I would like to modify PAM in a way, all the default (local) PAM checks are runned before a check is made to radius. Where’s my fault? I think checking each login request first local will speed up the server performance. All the best;