Thanks Joe!
Yes, I was aware that the passwd file was STILL required, and that only
users that existed in BOTH radius and the passwd file would be getting in.
That was acceptable to us. We just plan on giving the default a /bin/null
shell so they get dumped anyway. We only want 6 users allowed, we just have
this nasty mandate to rotate our admin passwords every 30 days, and we have
70 systems of different flavors and would just love to consolidate that a
bit ;)
Thanks again!
Nick
Joe Lewis
<[EMAIL PROTECTED]> To:
[EMAIL PROTECTED]
Sent by: cc:
freeradius-users-admin@lists. Subject: Re: RedHat 7.3 as
Radius Client
cistron.nl
09/04/2002 03:05 PM
Please respond to
freeradius-users
/etc/pam.d/ssh
/etc/pam.d/login
/etc/pam.d/telnetd
NOTE : pam_radius does NOT alleviate the need for the /etc/passwd file.
pam_radius does not implement the pam_sm_setcred function to set the
user id, group id, and other things. But, you can set a default_user in
the configuration (but everyone not in the /etc/passwd will be
default_user, so use with caution.)
For you others, if there is an implementation out there that doesn't use
the /etc/passwd, let me know.
Joe
[EMAIL PROTECTED] wrote:
>
>
> I hope this is not too basic, I have searched the archives for examples
of
> a RedHat 7.3 install with no luck.
>
> Can someone help me with the use of the Radius Authentication PAM module
> for RedHat 7.3, I want to have the server use an existing Cisco Secure
> Radius service to authentcate SSH /console logins.
>
> What I have found is that RedHat 7.3 (or all 7.x) breaks out the PAM auth
> files into seperate files rather than one pam.conf file. I am not sure
> which ones in the /etc/pam.d folder I need to include the
>
>
>
> Copy 'pam_radius_auth.so' to /lib/security/pam_radius_auth.so
>
> In the per-application configuration (/etc/pam.d/application) add:
>
> auth required /lib/security/pam_securetty.so
> auth sufficient /lib/security/pam_radius_auth.so
> auth required /lib/security/pam_unix_auth.so
>
>
> And when it comes to configuring the radius client to use my RADIUS
server
> in the pam_radius_auth file in /etc/raddb/server (RedHat 7.3 doesn't have
> that path.)
>
> Basically I think I understand a bit of what is needed, I am just not
sure
> how to apply it for this variant of Linux.
>
> Thanks for any config help,
>
> Nick
>
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>
>
>
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
