Hello

I am in the process of setting up the authpf(8) service on OpenBSD 6.1.
I would like to have the users authenticate using radius. I have set up
the login.conf (below) appropriately to achieve this; however, I find
that when I try to log in with a user that is not on the system, the
radius authentication fails. I see that sshd(8) is sending out two
radius auth requests. One has the username w/o a password and one has a
user of NOUSER with a password. Looking at the ssh code I can see that
sshd is looking for an account with the username and since one doesn't
exist it is calling fakepw() to process fake information. I was trying
to avoid having to set up the ypldap(8) + ldapd(8) dance to have user
accounts on the system.

So my question: is there a way to authenticate users against authpf(8)
without needing their accounts local or in YP?

Regards
Michael Graves

=== login.conf (comments removed)

# Default allowed authentication styles
auth-defaults:auth=passwd,skey:

# Default allowed authentication styles for authentication type ftp
auth-ftp-defaults:auth-ftp=passwd:

auth-ssh-defaults:auth-ssh=radius:

authpf-defaults:\
        :shell=/usr/sbin/authpf:

default:\
        :path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\
        :umask=022:\
        :datasize-max=768M:\
        :datasize-cur=768M:\
        :maxproc-max=256:\
        :maxproc-cur=128:\
        :openfiles-max=1024:\
        :openfiles-cur=512:\
        :stacksize-cur=4M:\
        :localcipher=blowfish,a:\
        :tc=auth-ssh-defaults:\
        :tc=radius:\
        :tc=auth-defaults:\
        :tc=auth-ftp-defaults:

myclass:\
        :auth=-mystyle:\
        :tc=authpf-defaults:\
        :tc=default:

radius:\
        :radius-port=1812:\
        :radius-server=10.1.2.1:\
        :radius-timeout=1:\
        :radius-retries=1:

daemon:\
        :ignorenologin:\
        :datasize=infinity:\
        :maxproc=infinity:\
        :openfiles-max=1024:\
        :openfiles-cur=128:\
        :stacksize-cur=8M:\
        :localcipher=blowfish,a:\
        :tc=default:

staff:\
        :datasize-cur=1536M:\
        :datasize-max=infinity:\
        :maxproc-max=512:\
        :maxproc-cur=256:\
        :ignorenologin:\
        :requirehome@:\
        :tc=default:

authpf:\
        :welcome=/etc/motd.authpf:\
        :shell=/usr/sbin/authpf:\
        :tc=default:

pbuild:\
        :datasize-max=infinity:\
        :datasize-cur=4096M:\
        :maxproc-max=1024:\
        :maxproc-cur=256:\
        :tc=default:

bgpd:\
        :openfiles=512:\
        :tc=daemon:

unbound:\
        :openfiles=512:\
        :tc=daemon:
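
A simplified model, in C, of the account lookup the post describes, showing why the authentication backend is asked about NOUSER when the name has no local or YP account. It is an added example, not OpenSSH source or code from the original post; struct auth_ctx, resolve_user, login_allowed and the fake account's field values are assumptions made for illustration.

```c
/* Simplified model of the lookup described in the post; not OpenSSH source. */
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

struct auth_ctx {
    const char *requested;  /* name the client supplied */
    struct passwd *pw;      /* account the auth backend is asked about */
    int valid;              /* 0 = this login can never succeed */
};

/* Placeholder account, modelled on the NOUSER name the post observed. */
static struct passwd *fake_account(void)
{
    static struct passwd fake;
    memset(&fake, 0, sizeof(fake));
    fake.pw_name = "NOUSER";
    fake.pw_passwd = "*";            /* assumption: an unusable hash */
    fake.pw_uid = (uid_t)-1;
    fake.pw_gid = (gid_t)-1;
    fake.pw_dir = "/nonexistent";
    fake.pw_shell = "/nonexistent";
    return &fake;
}

/* Resolve the name; an unknown name is swapped for the placeholder
 * so the authentication exchange still runs. */
static void resolve_user(struct auth_ctx *ctx, const char *name)
{
    ctx->requested = name;
    ctx->pw = getpwnam(name);        /* local passwd database or YP */
    ctx->valid = (ctx->pw != NULL);
    if (!ctx->valid)
        ctx->pw = fake_account();
}

/* backend_ok stands in for the RADIUS server's verdict (hypothetical). */
static int login_allowed(const struct auth_ctx *ctx, int backend_ok)
{
    return ctx->valid && backend_ok;
}

int main(void)
{
    struct auth_ctx ctx;
    resolve_user(&ctx, "no-such-user-xyz");  /* constructed sample name */
    printf("backend sees %s, allowed=%d\n",
        ctx.pw->pw_name, login_allowed(&ctx, 1));
    return 0;
}
```

In this model the backend's answer is irrelevant once the lookup has failed, which matches the failure the post reports for users with no account on the system.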
