No subject

Hailun Tan dearambermini at gmail.com
Tue Jun 26 03:30:19 CEST 2018


Another point I would like to bring forth is that pam_radius_auth.so is
also one of the PAM modules (it implements those pam_sm_*(...) APIs).
You might be right that another PAM module is failing to cause the issue
but such PAM module conflicts would have been an issue when you were
testing pam_radius_auth.so?

In this way, you might know which pam module is the culprit?

I commented out all the PAM modules in /etc/pam.d/sshd except
pam_radius_auth.so and restarted the ssh service, but the password passed to the radius
server is still a mess... So should I comment out more PAM modules in
common-auth or common-password?

Please advise.






On Tue, Jun 26, 2018 at 10:51 AM, Alan DeKok <aland at deployingradius.com>
wrote:

> On Jun 25, 2018, at 8:10 PM, Hailun Tan <dearambermini at gmail.com> wrote:
> >
> > I think my problem is related to the following thread a couple of years ago:
> >
> > http://freeradius.1045715.n5.nabble.com/ssh-authentication-failed-problem-use-freeradius-amp-pam-radius-td5687733.html
> >
> > However, in the link above, no one has ever mentioned how to configure
> > PAM to read the password from the conversation function correctly?
>
>   You don't.
>
>   The problem is that ANOTHER PAM module is failing.  So the PAM libraries
> are mangling the password.
>
>   There is NOTHING you can do to FreeRADIUS or pam_radius_auth to fix the
> problem.
>
>   You MUST modify the PAM configuration on the client machine to remove
> the problem PAM module.
>
> > The replies kept saying modifying PAM modules instead of
> > pam_radius_auth.so. But to be honest, the pam_radius_auth.c is one of the
> > customized PAM modules. If pam_radius_auth.so is not the one to be
> > modified, which one should be? No one has ever given any answers to that...
>
>   The answers in the link you posted are pretty clear.
>
> > I hate asking the same question repeatedly. However, unless a viable
> > solution is given, these questions will keep popping back to the mail list.
> > So for those free radius gurus, please advise how to fix it even though it
> > might not directly be related to free radius.
>
>   Fix the PAM configuration on the client.  The link you posted says this.
>
>   How to fix it?  I don't know... go ask the PAM people how their software
> works.
>
>   Alan DeKok.
>
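
An added example, not part of the original thread and not FreeRADIUS or pam_radius_auth code: a Python helper that lists which modules end up in a service's effective PAM stack once Debian-style `@include` lines and Linux-PAM `include`/`substack` controls are followed, so each remaining module can be checked in turn. The file contents are constructed samples, and `effective_stack` and `SAMPLE_PAM_D` are hypothetical names.

```python
# Constructed sample; keys stand in for files under /etc/pam.d/ (not the poster's real config).
SAMPLE_PAM_D = {
    "sshd": (
        "auth     sufficient  pam_radius_auth.so\n"
        "#auth    required    pam_env.so\n"
        "@include common-auth\n"
        "account  required    pam_nologin.so\n"
        "@include common-password\n"
    ),
    "common-auth": (
        "auth  [success=1 default=ignore]  pam_unix.so nullok_secure\n"
        "auth  requisite                   pam_deny.so\n"
        "auth  required                    pam_permit.so\n"
    ),
    "common-password": "password  [success=1 default=ignore]  pam_unix.so obscure sha512\n",
}


def effective_stack(service, files, pam_type="auth", _chain=()):
    """Return [(source_file, control, module)] for one PAM type, following includes."""
    if service in _chain or service not in files:  # include loop or missing file
        return []
    chain = _chain + (service,)
    stack = []
    for raw in files[service].splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and commented-out modules
        if not line:
            continue
        if line.startswith("@include"):  # Debian-style: pulls in the whole named file
            for name in line.split()[1:2]:
                stack += effective_stack(name, files, pam_type, chain)
            continue
        parts = line.split(None, 1)
        if len(parts) < 2 or parts[0].lstrip("-") != pam_type:
            continue
        rest = parts[1]
        if rest.startswith("["):  # bracketed control such as [success=1 default=ignore]
            control, _, tail = rest.partition("]")
            control, fields = control + "]", tail.split()
        else:
            control, *fields = rest.split()
        if not fields:
            continue
        if control in ("include", "substack"):  # Linux-PAM: same-type lines only
            stack += effective_stack(fields[0], files, pam_type, chain)
        else:
            stack.append((service, control, fields[0]))
    return stack
```

With the sample data, the `auth` stack for `sshd` still contains three modules from `common-auth` after `pam_radius_auth.so`, while `common-password` contributes only to the `password` type.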

