The INSTALL file in the pam_radius_auth source says this: "Users who have a RADIUS challenge-response configuration must enter an initial password, unless 'skip_passwd' (see below) is defined. The password they enter may not be blank or empty."

Does that mean a user can use a blank/empty password a couple of times to switch to password authentication from PAM auth? What can I do to prevent that? Disabling/locking the user in shadow [I am using Solaris 8] is not an option since they need to use sudo sometimes.

One way I am achieving this now is by setting PasswordAuthentication to "no" in the sshd_config file. [SSH is the only way users log in to our systems.] I read the USAGE and INSTALL files a couple of times and am still not sure [sorry, I am a newbie] if there is an option to set to prevent users from switching to the local password.

This is how my pam.conf looks [showing only the relevant lines]:

    [...]
    sshd auth required pam_radius_auth.so.1

The above line is the only line related to sshd.

Any help/suggestion would be greatly appreciated.

Thanks

--
Asif Iqbal
http://pgpkeys.mit.edu:11371/pks/lookup?op=get&search=0x8B686E08
There's no place like 127.0.0.1
