You just want the PAM piece? This needs to be radiusd; the auth-file(?) 
parameter piece is broken, I think, or at least I didn't get it to work 
right.
The first part (commented) works but it requires a local user; the second 
one works without a local user, and you will want to replace the 
pam_afs.so module with the pam_krb5.so module. 

[EMAIL PROTECTED] pam.d]# more radiusd
#%PAM-1.0
###works but requires a local user
#auth       required    /lib/security/pam_unix_auth.so shadow nullok
#auth       required    /lib/security/pam_afs.so 
#auth       required    /lib/security/pam_nologin.so
#account    required    /lib/security/pam_unix_acct.so
#password   required    /lib/security/pam_cracklib.so
#password   required    /lib/security/pam_unix_password.so shadow nullok use_authtok
#session    required    /lib/security/pam_unix_session.so

######
auth    required        /lib/security/pam_mine.so
auth       required     /lib/security/pam_afs.so
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_permit.so
password   required     /lib/security/pam_permit.so
password   required     /lib/security/pam_permit.so
session    required     /lib/security/pam_permit.so


On Sun, 29 Jun 2003, Mark van Kerkwyk wrote:

> Hi, does anyone have a working radiusd.conf where both LDAP and PAM are 
> being used, LDAP for accounts/groups etc and PAM for auth to another 
> source.
> 
> In my case I will store all credentials in LDAP but send all auth via 
> pam_krb5 to our Kerberos environment. That way I have no passwords stored 
> or sent in the clear anywhere also.
> 
> regards
> 
> Mark
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 
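
An added example (not part of the original post or of FreeRADIUS): a small Python check that applies the swap suggested in the reply, pam_afs.so to pam_krb5.so, to the posted radiusd stack and then lists what each PAM stack does. The function names and the embedded sample are constructed for illustration.

```python
import re

# Constructed sample: the active (uncommented) stack from the post.
SAMPLE = """\
#%PAM-1.0
auth    required        /lib/security/pam_mine.so
auth       required     /lib/security/pam_afs.so
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_permit.so
password   required     /lib/security/pam_permit.so
password   required     /lib/security/pam_permit.so
session    required     /lib/security/pam_permit.so
"""

# type, control (plain word or [bracketed]), module path, optional arguments
LINE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def replace_module(text, old, new):
    """Swap one module file name for another, keeping directory and arguments."""
    return re.sub(rf"\b{re.escape(old)}(?=\s|$)", new, text)

def parse_pam(text):
    """Return {type: [(control, module_name, args), ...]} for a pam.d file."""
    text = re.sub(r"\\\n", " ", text)  # PAM joins backslash-continued lines
    stacks = {}
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())
        if m:
            mtype, control, path, args = m.groups()
            name = path.rsplit("/", 1)[-1]
            stacks.setdefault(mtype, []).append((control, name, args.split()))
    return stacks

def review(stacks):
    """List stack properties a reviewer should know before deploying."""
    notes = []
    for mtype in ("auth", "account", "password", "session"):
        mods = [name for _, name, _ in stacks.get(mtype, [])]
        if mods and all(n == "pam_permit.so" for n in mods):
            notes.append(f"{mtype}: only pam_permit.so, always succeeds")
        # Per the post: the pam_unix-based stack requires a local user.
        notes += [f"{mtype}: {n} needs a local account"
                  for n in mods if n.startswith("pam_unix")]
    notes += [f"auth: {n} nullok accepts empty passwords"
              for _, n, a in stacks.get("auth", []) if "nullok" in a]
    return notes

if __name__ == "__main__":
    stacks = parse_pam(replace_module(SAMPLE, "pam_afs.so", "pam_krb5.so"))
    print("\n".join(review(stacks)))
```

Run against the swapped stack, the review shows that only the auth stack makes a real decision; account, password and session all pass through pam_permit.so.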

