Hi All, I have requirements that I prevent users with a shell of /dev/null from authenticating against freeradius server. Using the rpm provided with RHEL4.0: radiusd: FreeRADIUS Version 1.0.1 I am using the unix module and pam. /dev/null is not listed as a valid shell in /etc/shells, and accounts with /dev/null are currently able to log in (via the DEFAULT entry in the users file). /etc/passwd is not used and accounts are stored on a ldap server. users: DEFAULT Auth-Type = PAM Service-Type = Framed-User, Framed-Protocol = PPP, Ascend-Idle-Limit = 1200, Ascend-Maximum-Time = 15800 radiusd.conf: pam { pam_auth = radiusd } /etc/pam.d/radiusd: auth required pam_stack.so service=system-auth auth required pam_nologin.so account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth session required pam_stack.so service=system-auth /etc/shells: /bin/sh /bin/bash /sbin/nologin /bin/ash /bin/bsh /bin/ksh /usr/bin/ksh /usr/bin/pdksh /bin/tcsh /bin/csh /bin/zsh Any ideas around this? Thanks
On Tuesday 25 October 2005 16:42, Scott Walker wrote:
Hi All, I have requirements that I prevent users with a shell of /dev/null from authenticating against freeradius server.
Using the rpm provided with RHEL4.0: radiusd: FreeRADIUS Version 1.0.1
I am using the unix module and pam. /dev/null is not listed as a valid shell in /etc/shells, and accounts with /dev/null are currently able to log in (via the DEFAULT entry in the users file). /etc/passwd is not used and accounts are stored on a ldap server.
Any ideas around this?
Google for "PAM /etc/shells auth". I got lucky and found an answer in the first link. #auth required /lib/security/pam_shells.so You still should read PAM docs to determine where to put this line. Kevin Bonner
participants (2)
-
Kevin Bonner -
Scott Walker