Freeradius: change user passwords through pam_radius
Dear, I have a Linux box authenticating SSH users against Freeradius. It works OK. When the users go into the Linux box via SSH, I need them to change their own radius passwords. For this reason, I edited the /etc/pam.d/passwd file as follow: passwordsufficient pam_radius_auth.so above the following line password include system-auth
Dear, I have a Linux box authenticating SSH users against Freeradius. It works OK. When the users go into the Linux box via SSH, I need them to change their own radius passwords. For this reason, I edited the /etc/pam.d/passwd file as follow: password sufficient pam_radius_auth.so @include common-auth in order to communicate with our freeradius and change the user's password executing the "passwd" command in the shell. But te passwords never chages and I get this error: Password: New password: New password (again): Enter new UNIX password: Retype new UNIX password: passwd: Authentication token manipulation error passwd: password unchanged is it possible to do what I want ?? Special thanks.
On 27 May 2013, at 15:26, Roberto Carna <robertocarna36@gmail.com> wrote:
Dear, I have a Linux box authenticating SSH users against Freeradius. It works OK.
When the users go into the Linux box via SSH, I need them to change their own radius passwords. For this reason, I edited the /etc/pam.d/passwd file as follow: password sufficient pam_radius_auth.so
@include common-auth
in order to communicate with our freeradius and change the user's password executing the "passwd" command in the shell.
But te passwords never chages and I get this error:
Password: New password: New password (again): Enter new UNIX password: Retype new UNIX password: passwd: Authentication token manipulation error passwd: password unchanged
is it possible to do what I want ??
No. Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team
On 27 May 2013, at 18:03, Arran Cudbard-Bell <a.cudbardb@freeradius.org> wrote:
On 27 May 2013, at 15:26, Roberto Carna <robertocarna36@gmail.com> wrote:
Dear, I have a Linux box authenticating SSH users against Freeradius. It works OK.
When the users go into the Linux box via SSH, I need them to change their own radius passwords. For this reason, I edited the /etc/pam.d/passwd file as follow: password sufficient pam_radius_auth.so
@include common-auth
in order to communicate with our freeradius and change the user's password executing the "passwd" command in the shell.
But te passwords never chages and I get this error:
Password: New password: New password (again): Enter new UNIX password: Retype new UNIX password: passwd: Authentication token manipulation error passwd: password unchanged
is it possible to do what I want ??
No.
Actually PAM radius code does have references to password change functionality. No idea how it works though. Recommend you RTFS. https://github.com/FreeRADIUS/pam_radius/blob/master/pam_radius_auth.c Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team
OK Alan thanks...do you know if is there any way that let users to change their own Radius passwords by themselves ??? Thanks again. Roberto 2013/5/27 Arran Cudbard-Bell <a.cudbardb@freeradius.org>
On 27 May 2013, at 18:03, Arran Cudbard-Bell <a.cudbardb@freeradius.org> wrote:
On 27 May 2013, at 15:26, Roberto Carna <robertocarna36@gmail.com>
wrote:
Dear, I have a Linux box authenticating SSH users against Freeradius.
It works OK.
When the users go into the Linux box via SSH, I need them to change
their own radius passwords. For this reason, I edited the /etc/pam.d/passwd file as follow:
password sufficient pam_radius_auth.so
@include common-auth
in order to communicate with our freeradius and change the user's password executing the "passwd" command in the shell.
But te passwords never chages and I get this error:
Password: New password: New password (again): Enter new UNIX password: Retype new UNIX password: passwd: Authentication token manipulation error passwd: password unchanged
is it possible to do what I want ??
No.
Actually PAM radius code does have references to password change functionality. No idea how it works though. Recommend you RTFS.
https://github.com/FreeRADIUS/pam_radius/blob/master/pam_radius_auth.c
Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Roberto Carna wrote:
OK Alan thanks...do you know if is there any way that let users to change their own Radius passwords by themselves ???
You were responding to Arran, not Alan. The only way for users to change the RADIUS password is to give them some kind of access to the database used by RADIUS. i.e. RADIUS doesn't store passwords. Databases store passwords. So changing passwords isn't a RADIUS issue. It's a database issue. Alan DeKok.
participants (3)
-
Alan DeKok -
Arran Cudbard-Bell -
Roberto Carna