My first guess would be that the user account has a null password. (For most systems, accounts with null password will authenticate with ANY password, not strictly "the empty password".)
/fc On Thu, May 23, 2002 at 11:26:39PM -0400, Aamer Akhter wrote: > thanks frank, > > i think i've got it working with this config: > > # more radiusd > #%PAM-1.0 > auth required /lib/security/pam_stack.so service=system-auth > account required /lib/security/pam_stack.so service=system-auth > password required /lib/security/pam_stack.so service=system-auth > > # more system-auth > #%PAM-1.0 > # This file is auto-generated. > # User changes will be destroyed the next time authconfig is run. > auth sufficient /lib/security/pam_unix.so likeauth nullok md5 shadow > auth required /lib/security/pam_deny.so > account sufficient /lib/security/pam_unix.so > account required /lib/security/pam_deny.so > password required /lib/security/pam_cracklib.so retry=3 > password sufficient /lib/security/pam_unix.so nullok use_authtok md5 > shadow > password required /lib/security/pam_deny.so > session required /lib/security/pam_limits.so > session required /lib/security/pam_unix.so > > ----- Original Message ----- > From: "Frank Cusack" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, May 23, 2002 11:12 PM > Subject: Re: radiusd allows users with any password > > > > On Thu, May 23, 2002 at 08:48:41PM -0400, Aamer Akhter wrote: > > > Frank, > > > > > > shouldn't it worry about the password? or am i missing something? > > > > freeradius does not care about the password, it passes on the password > > to PAM. PAM is authenticating the user, freeradius is merely relaying > > the response. Your PAM setup is allowing all users. > > > > What does your PAM config look like? Note that freeradius is using PAM > > service name 'radiusd' (from the logs). If you don't have rules for that > > service, PAM will use the rules for service 'other'. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
