Hi list,
I browsed quite a long time all previous threads and various material available on the web, with no success. So maybe someone can help wit this...
I am using the latest available release of FreeRADIUS on my Linux server (RHEL 5.3, x86_64), with authentication against local users file. This works like a charm so far. Authentication is set up in this order: pam_radius_auto.so, then pam_unix.so.
Is there a way to configure the pam_radius_auto.so module so that as long as the FreeRADIUS daemon is up and running, authentications will be *only* performed against FreeRADIUS, and all other authentication methods are ignored (even if this account exists locally, not in FreeRADIUS)? Of course, if FreeRADIUS is stopped or does not respond anymore, authentication against regular Linux files would work.
I am only looking to make it work for the login process (local ttys).
This is an example of my /etc/pam.d/login file:
--snip--
#%PAM-1.0
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth [success=done new_authtok_reqd=done authinfo_unavail=ignore ignore=ignore default=die] pam_radius_auth.so ruser debug
auth required pam_unix.so use_first_pass
#auth include system-auth
account required pam_nologin.so
#account required pam_radius_auth.so
#account include system-auth
--snip--