Authentication and authorization with PAM

JCA 1.41421 at gmail.com
Sat Jul 25 00:49:27 CEST 2015


I have a Linux L system in which the password authentication is
carried out against a remote RADIUS server R by means of PAM in L.
This works as expected, but I would like to use this mechanism to do
authorization chores, besides the authentication ones. As part of a
successful authentication, R will send back to L (in addition to the
successful authentication packet) a series of attributes that L will
interpret as authorization parameters - e.g. a list of groups that the
user that has been authenticated is to belong to.

My understanding is that the PAM RADIUS module pam_radius.so is the
one that interacts with the RADIUS server, and it therefore behooves
this module to interpret the authentication information, and act on
it. Looking into the documentation for the current pam_radius.so
module, it would seem that it contains no support for this - i.e. in
order to accomplish what I am describing I need to develop a PAM
RADIUS of my own. Is this correct?


More information about the Freeradius-Users mailing list