First of all, thank you for your reply. Until now, you are the only one. Now, let's take it step by step: This is a part of INSTALL: ********************************************************************** Redhat Linux > 5.0 ********************************************************************** make. Copy 'pam_radius_auth.so' to /lib/security/pam_radius_auth.so In the per-application configuration (/etc/pam.d/application) add: auth sufficient /lib/security/pam_radius_auth.so AFTER auth required /lib/security/pam_securetty.so and BEFORE auth required /lib/security/pam_unix_auth.so i.e. auth required /lib/security/pam_securetty.so auth sufficient /lib/security/pam_radius_auth.so auth required /lib/security/pam_unix_auth.so My linux is RedHat 9, so this part pertains to my machine : "Redhat Linux > 5.0" "make. Copy 'pam_radius_auth.so' to /lib/security/pam_radius_auth.so" - already did... "In the per-application configuration (/etc/pam.d/application) add:" - I want to use pam radius to authenticate ssh logins, so "(/etc/pam.d/application)" becomes "/etc/pam.d/sshd" "auth required pam_securetty.so auth sufficient pam_radius_auth.so debug auth required /lib/security/pam_unix_auth.so" -this part from INSTALL is identical to my /etc/pam.d/sshd...all of this modules deal with authentication ("auth"). pam_securetty verifies if root can login through tty by reading /etc/securetty. "required" means that this step is mandatory and that after this verification, the next authentication method will take place. this is where pam_radius_auth comes. the messages are exchanged as explained in my my previuos e-mail. "sufficient" means that if this authentication succeeds, the following authentication methods will not be checked...in other terms: "auth required /lib/security/pam_unix_auth.so" will be passed. I don't understand why you are saying that "you are invoking pam_radius_auth in the wrong place and for the wrong reason"...please, be more specific and if you know the right configuration, enlight me! Again, any help would be appreciated!
Hi,
anyone??? pls!!! no suggestions at all ? :(
I'd read the INSTALL doc that coems as part of the pam_radius tool.
- cat /etc/pam.d/sshd #%PAM-1.0 auth required pam_securetty.so auth sufficient pam_radius_auth.so debug auth required /lib/security/pam_unix_auth.so account required pam_radius_auth.so debug password required pam_stack.so service=system-auth session required pam_stack.so service=system-auth session required pam_limits.so session optional pam_console.so
no. your invoking pam_radius_auth in the wrong place and for the wrong reason. again the INSTALL is your friend.
your radius configuration appears to be correct
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
I don't understand why you are saying that "you are invoking pam_radius_auth in the wrong place and for the wrong reason"...please, be more specific and if you know the right configuration, enlight me!
#%PAM-1.0 auth required pam_securetty.so auth sufficient pam_radius_auth.so debug auth required /lib/security/pam_unix_auth.so account required pam_radius_auth.so debug ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
explain alan
participants (2)
-
A.L.M.Buxey@lboro.ac.uk -
danieldinu@rdslink.ro