local ssh authentication via radius possible?
Alan DeKok
aland at deployingradius.com
Mon Nov 26 22:48:11 CET 2007
Dan Gahlinger wrote:
> I'm not fighting you at all.
<shrug> Having answered questions on this list for nearly a decade, I
see patterns.
> All of your answers previously were "read the documentation, it's there".
> well, it's not. definitely not.
The parts I was pointing you to were documented. Or, I was pointing
you to other non-RADIUS documentation. i.e. PAM.
> the pam_radius_auth link you gave me states:
...
> take a look at my config - /etc/pam.d/sshd
Which is different. Unfortunately, every distribution has their own
"special" flavor of their PAM configuration. The documentation in
pam_radius_auth is generic, and matches many commonly used
configurations. If it doesn't, see:
a) the documentation for your OS
b) the generic PAM documentation
i.e. configuring PAM to use pam_radius_auth is a... PAM issue. The
best place to look for help is the PAM documentation, or a PAM list, or
OS-specific help.
> a "Default" radiusd install with NO changes (except server file as follows:
> 127.0.0.1 testing123 3
>
> users in password file can login, but it doesn't seem to be using radius.
Then see the PAM documentation for debugging, and how to see if it's
calling pam_radius_auth.
> the documentation for pam is as clear as mud. did it mean to modify the
> login file like this:
...
Modifying the "login" file affects only the "login" process. Not "sshd".
> because that doesnt make any difference either. same result as with just
> sshd above
See the PAM documentation for debugging PAM. Once you have it calling
pam_radius_auth, ask more questions here.
Alan DeKok.
More information about the Freeradius-Users
mailing list