pam_auth_radius
Marc Phillips
rmarc at copacetic.net
Thu Feb 17 02:10:46 CET 2011
Not sure if this is the appropriate forum for this, but
I'll type it anyway.
I have a need to add centralized auth and accounting to
unix boxes (specifically a linux based "appliance." It's
not really an actual appliance, just a standard linux box that
a vendor provides).
For my normal unix* boxes I have an identity management system.
For appliances and network devices I use Radius, mostly.
For this new appliance, I'd like to use Radius, but I don't want
to manage users or what groups they belong to on the device itself.
I'd like to have the users auth against Radius and then apply a
group based on an attribute received.
I've done a little looking and I see no group support for
pam_auth_radius. One thought I had was to add some sort of auto
provision function to the pam module to add the user and associate
that user with a group via the supplied attribute from radius, then
remove the user on logout.
Any thoughts on this? Is there some other method that would be
more appropriate? I have use for this for other pseudo-appliances.
I've tried using LDAP for those, but the chatter with vendor supplied
ldap modules was unmanageable.
R. Marc