On 8/19/05, Sean P. Malone <[EMAIL PROTECTED]> wrote: > $ cat /etc/pam.conf > # > # $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $ > # > # PAM configuration for the "sshd" service > # > > # auth > > #sshd auth required pam_radius.so -update -/usr/local/etc/radius > #auth required pam_nologin.so no_warn
> Basically, it's an empty file as far as pam_radius knows. > I think you incorrectly configured your system, you should have edited the /etc/pam.d/sshd file and added the pam_radius in there as: auth required pam_radius.so -update -/usr/local/etc/radius When you created the /etc/pam.conf file, you told PAM to not look in the /etc/pam.d directory for config info for any of the services listed in /etc/pam.d. This caused it to not know how to authenticate any logins, which resulted in it allowing all logins. I believe this is also why you were able to log into your system with just a: ssh auth required pam_radius.so -update -/usr/local/etc/radius in your /etc/pam.conf, as there was no entry for sshd in pam.conf. Scot -- DISCLAIMER: No electrons were mamed while sending this message. Only slightly bruised. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[EMAIL PROTECTED]"
