trying to override the pam_auth attribute

Alan DeKok aland at
Fri Aug 27 20:41:48 CEST 2021

On Aug 27, 2021, at 2:36 PM, Jonathan Davis <jonathan at> wrote:
> That's right, I was looking at it from different perspective (being ignorant of Attribute-Names and update <lists>. I saw the following in mods-enabled/pam
> pam {
>     pam_auth = radiusd
> }

  Yeah, the module configurations are substantially different from the attributes.

> What's the reason behind it being updated in the authorize section? My novice understanding is that authorize is where FreeRadius checks modules to see which one is up to trying to authenticate the request?

  The "authorize" phase is really "set things up for authentication".  So get passwords, set databases to use for authentication, etc.

  i.e. you have to know which PAM auth string to use for authentication.  So... the PAM auth string has to be set *before* the "authenticate" section is run.

> I've also got some other questions related to breaking down users vs clients vs virtual_servers, with all this in place, but that's possibly best started in a new thread with all the details included.


  See also raddb/sites-available/README, there's a ton of documentation on this subject.

> Thank you again for your assistance.

  You're welcome.  It's what I do.  :)

  Alan DeKok.

More information about the Freeradius-Users mailing list