local ssh authentication via radius possible?

Dan Gahlinger dgahling at hotmail.com
Mon Nov 26 23:02:59 CET 2007


the pam_radius_auth documentation says to email YOU and refers to the radius mailing list,
which is where I am. you are the author of that as well.

There's no useful documentation on pam on the system, man pages are useless.

I'll try to find a PAM mailing list.

yes, I guess after decades you get tired of answering questions of newbies.
I'd have thought this would all be well documented by now. oh well.

> Date: Mon, 26 Nov 2007 22:48:11 +0100
> From: aland at deployingradius.com
> To: freeradius-users at lists.freeradius.org
> Subject: Re: local ssh authentication via radius possible?
> 
> Dan Gahlinger wrote:
> > I'm not fighting you at all.
> 
>   <shrug>  Having answered questions on this list for nearly a decade, I
>  see patterns.
> 
> > All of your answers previously were "read the documentation, it's there".
> > well, it's not. definitely not.
> 
>   The parts I was pointing you to were documented.  Or, I was pointing
> you to other non-RADIUS documentation.  i.e. PAM.
> 
> > the pam_radius_auth link you gave me states:
> ...
> > take a look at my config - /etc/pam.d/sshd
> 
>   Which is different.  Unfortunately, every distribution has their own
> "special" flavor of their PAM configuration.  The documentation in
> pam_radius_auth is generic, and matches many commonly used
> configurations.  If it doesn't, see:
> 
>   a) the documentation for your OS
>   b) the generic PAM documentation
> 
>   i.e. configuring PAM to use pam_radius_auth is a... PAM issue.  The
> best place to look for help is the PAM documentation, or a PAM list, or
> OS-specific help.
> 
> > a "Default" radiusd install with NO changes (except server file as follows:
> > 127.0.0.1       testing123             3
> > 
> > users in password file can login, but it doesn't seem to be using radius.
> 
>   Then see the PAM documentation for debugging, and how to see if it's
> calling pam_radius_auth.
> 
> > the documentation for pam is as clear as mud. did it mean to modify the
> > login file like this:
> ...
>   Modifying the "login" file affects only the "login" process.  Not "sshd".
> 
> > because that doesnt make any difference either. same result as with just
> > sshd above
> 
>   See the PAM documentation for debugging PAM.  Once you have it calling
> pam_radius_auth, ask more questions here.
> 
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

_________________________________________________________________
Express yourself with free Messenger emoticons. Get them today!
http://www.freemessengeremoticons.ca/?icid=EMENCA122
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20071126/ac74cddc/attachment.html>


More information about the Freeradius-Users mailing list