[EMAIL PROTECTED] wrote: > However, it still respects my /etc/passwd password as well. When I > tried to change the sufficient to required like the rest of the > entries, no login worked for me.
That's because PAM needs the authorization credentials, which are usually found in /etc/passwd. The latest CVS snapshot of the pam module includes a dummy setcred function, which allows things like PPPd to do PAM authentication. That's because PPPd often doesn't need login credentials, it just wants to give people net access. > Can someone shed a little more light on the best way to make RADIUS my only > login *IF* the radius server is available, then it could fall back to the > local account for CONSOLE access if needed. Any program which needs the console MUST get the uid/gid/etc credentials. The PAM radius module CANNOT supply those, so what you want is impossible. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
