SSH, PAM and FR authentication

David Li dlipubkey at
Wed May 14 02:01:54 CEST 2014


My question perhaps is crossing boundaries of Openssh, PAM and FR. I did
some Google search but can't seem to find an answer.

It seems if I don't have a user prior configured in a "datastore" e.g.
/etc/passwd, mysql or ldap, then my attempt to login using ssh as the user
would just fail even if I have the user set up in FR server. Several posts
on the Internet suggested that there might be a need for a "libnss-radius"
like package to allow ssh to look up the user in FR.

I am wondering if there are some security reasons that no such package has
been developed so far. People must have thought about this I guess. Besides
configuring the user id in a separate datastore prior to authentication, is
there any other way to solve this issue.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list