Am 20.08.2005 um 00:32 schrieb Scot Hetzel:
On 8/19/05, Sean P. Malone <[EMAIL PROTECTED]> wrote:
$ cat /etc/pam.conf
#
# $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $
#
# PAM configuration for the "sshd" service
#
# auth
#sshd auth required pam_radius.so -update -/usr/local/etc/radius
#auth required pam_nologin.so no_warn
Basically, it's an empty file as far as pam_radius knows.
I think you incorrectly configured your system, you should have edited
the /etc/pam.d/sshd file and added the pam_radius in there as:
auth required pam_radius.so -update -/usr/local/etc/radius
When you created the /etc/pam.conf file, you told PAM to not look in
the /etc/pam.d directory for config info for any of the services
listed in /etc/pam.d. This caused it to not know how to authenticate
any logins, which resulted in it allowing all logins.
I don't now what's wrong, but this explanation is not correct (on 6.0-
BETA2). The man page states that /etc/pam.d/* information is
consulted before /etc/pam.conf, and creating an empty /etc/pam.conf
won't let me log in unless I enter a correct password.
Mz experience with pam has been too confusing to add any real
insight. I'd hope that des@ would be able to comment properly...
Stefan
--
Stefan Bethke <[EMAIL PROTECTED]> Fon +49 170 346 0140
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
