Question on pam_radius_auth module getting INCORRECT

David Li dlipubkey at
Wed Apr 16 01:04:38 CEST 2014

Hi Alan,

I took out all the pam modules from my auth stack in /etc/pam/sshd except
for pam_radius_auth. The problem didn't go away.  I am not using SElinux

One interesting thing I noticed is that first login attempt always fails
due to this problem. But the second attempt after restarting the ssh
session then it succeeds. This makes me wonder if somehow the password was
stored on the first try and correctly retrieved on the second try.  But I
have no clue what happened.


> ------------------------------
> Message: 2
> Date: Mon, 14 Apr 2014 20:53:52 -0400
> From: Alan DeKok <aland at>
> To: FreeRadius users mailing list
>         <freeradius-users at>
> Subject: Re: Question on pam_radius_auth module getting INCORRECT
>         password
> Message-ID: <534C8320.8010907 at>
> Content-Type: text/plain; charset=UTF-8
> David Li wrote:
> > I am new to this. Please let me know if there is a better list to post
> > this question.
>   It's an OK list.
> > I have been trying to track down a wired problem. When a user is logging
> > via ssh, the pam_radius_auth module would try to retrieve the password
> > and send it to the radius server. But the password returned by the
> > rad_converse() function is INCORRECT.
> >
> > I have done some searching and found suggestions that there might be
> > something wrong with "other" module that is doing the password checking.
> >
> > My real question is how I can find out which module is the culprit.
>   It should be simple.  Look at the pam ssh file, and see which modules
> it's using.  Then, delete them one by one until it works.
>   But largely this is a PAM issue.  I know very little about PAM, even
> after spending time reading the docs and programming it.
>   Alan DeKok.
> ------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list