Accounting with pam_radius_auth

Alan DeKok aland at
Tue Feb 20 10:36:25 CET 2007

Christophe Boyanique wrote:
> In fact the main problem is if I su to an unprivileged user, no accounting
> packet is sent and output displays:
> su: pam_radius_auth: Could not open configuration file /etc/raddb/server:
> Permission denid

  Yes.  That file has to be readable by the user.  This is a limitation
of PAM, I think, where the pam_radius_auth module is run as the user.

> I suppose that session part of pam runs as unprivilegied user and it can't
> open the /etc/raddb/server which is protected as advised in the
> documentation.


> Is this a common problem (I found nothing in the archive) or do I have a
> mistake in the pam configuration ?

  It's a problem.  A solution (a bad one) is to "chmod a+r" the files.

  Alan DeKok.
--       - The web site of the book - The blog

More information about the Freeradius-Users mailing list