local ssh authentication via radius possible?
Dan Gahlinger
dgahling at hotmail.com
Mon Nov 26 23:02:59 CET 2007
the pam_radius_auth documentation says to email YOU and refers to the radius mailing list,
which is where I am. you are the author of that as well.
There's no useful documentation on pam on the system, man pages are useless.
I'll try to find a PAM mailing list.
yes, I guess after decades you get tired of answering questions of newbies.
I'd have thought this would all be well documented by now. oh well.
> Date: Mon, 26 Nov 2007 22:48:11 +0100
> From: aland at deployingradius.com
> To: freeradius-users at lists.freeradius.org
> Subject: Re: local ssh authentication via radius possible?
>
> Dan Gahlinger wrote:
> > I'm not fighting you at all.
>
> <shrug> Having answered questions on this list for nearly a decade, I
> see patterns.
>
> > All of your answers previously were "read the documentation, it's there".
> > well, it's not. definitely not.
>
> The parts I was pointing you to were documented. Or, I was pointing
> you to other non-RADIUS documentation. i.e. PAM.
>
> > the pam_radius_auth link you gave me states:
> ...
> > take a look at my config - /etc/pam.d/sshd
>
> Which is different. Unfortunately, every distribution has their own
> "special" flavor of their PAM configuration. The documentation in
> pam_radius_auth is generic, and matches many commonly used
> configurations. If it doesn't, see:
>
> a) the documentation for your OS
> b) the generic PAM documentation
>
> i.e. configuring PAM to use pam_radius_auth is a... PAM issue. The
> best place to look for help is the PAM documentation, or a PAM list, or
> OS-specific help.
>
> > a "Default" radiusd install with NO changes (except server file as follows:
> > 127.0.0.1 testing123 3
> >
> > users in password file can login, but it doesn't seem to be using radius.
>
> Then see the PAM documentation for debugging, and how to see if it's
> calling pam_radius_auth.
>
> > the documentation for pam is as clear as mud. did it mean to modify the
> > login file like this:
> ...
> Modifying the "login" file affects only the "login" process. Not "sshd".
>
> > because that doesnt make any difference either. same result as with just
> > sshd above
>
> See the PAM documentation for debugging PAM. Once you have it calling
> pam_radius_auth, ask more questions here.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
_________________________________________________________________
Express yourself with free Messenger emoticons. Get them today!
http://www.freemessengeremoticons.ca/?icid=EMENCA122
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20071126/ac74cddc/attachment.html>
More information about the Freeradius-Users
mailing list