pam_radius - authenticate user not known to PAM

[Adam Bishop]

On 17 Jun 2016, at 11:27, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> PAM sucks.

That it does.

I'm trying reconfigure a dial in VPN to use pam_radius for authentication. Unfortunately, libreswan (the daemon in use) does not support EAP outside of PPP.

FreeRADIUS and pam_radius work absolutely fine, but because the user does not exist on the local system (I think) the authentication fails.

"Throw it in the bin and use StrongSwan and EAP" is my current favourite solution, but if anyone knows enough pam-fu to make PAM happy without a user having an entry in /etc/passwd you'll be able to save me half a day of work.

Bonus: RedHat seem to have compiled their PAM without debug or tracing support.

Regards,

Adam Bishop

  gpg: 0x6609D460

jisc.ac.uk

Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.

Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 2881024, VAT number GB 197 0632 86. The registered office is: One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.