On Sun, Feb 06, 2011 at 10:06:01AM -0000, vijay s sheelavantar wrote:
> I am talking about pam_radius_client. I want this pam_radius_auth.so
> client to select a particular UDP port to communicate with external
> radius server, so that server can send authentication response on the
> same port back to client.

Of course, the server will always send the authentication response back to
whatever port the client selected. Your options are:

1. If pam_radius_client doesn't have the ability to bind to a particular
   port, then you can modify the source code to do so. The call you need is
   bind() after the socket has been created.

   Warning: hacking C code in security-sensitive modules (especially those
   running as root) is a risky business. Get an expert to make this change
   for you, or become an expert first.

   (Recommended reading: Unix Network Programming vol 1, and Advanced
   Programming in the Unix Environment, both by Richard Stevens)

2. I think you said before you only wanted to make sure that the port was
   >32768. So you can configure your OS so that *all* outbound connections
   bind to ports >32768. Google "linux ephemeral port range" for details.

   On my system:

   $ cat /proc/sys/net/ipv4/ip_local_port_range
   32768   61000

   So in fact, all connections from my machine would be >=32768 anyway.

Regards,

Brian.
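
Option 1 above, sketched as an added example (not part of the original message and not pam_radius_auth code): a UDP client socket is given a source port from a chosen range by calling bind() right after socket(). The function names and the port range are assumptions for illustration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: create a UDP socket whose source port lies in
 * [lo, hi]. Returns the fd, or -1 with errno set. */
int udp_socket_in_range(uint16_t lo, uint16_t hi)
{
    if (lo == 0 || lo > hi) {       /* port 0 would mean "kernel picks" */
        errno = EINVAL;
        return -1;
    }
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;

    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);

    /* 32-bit counter so that hi == 65535 cannot wrap and loop forever. */
    for (uint32_t p = lo; p <= hi; p++) {
        sa.sin_port = htons((uint16_t)p);
        if (bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0)
            return fd;              /* replies will arrive on port p */
        if (errno != EADDRINUSE && errno != EACCES)
            break;                  /* unexpected failure: give up */
    }
    int saved = errno;              /* close() may overwrite errno */
    close(fd);
    errno = saved;
    return -1;
}

/* Source port the kernel reports for fd, or 0 on error. */
uint16_t udp_local_port(int fd)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    if (getsockname(fd, (struct sockaddr *)&sa, &len) != 0)
        return 0;
    return ntohs(sa.sin_port);
}
```

Every bind() failure is checked and the descriptor is closed on the error path, which matters in a module that runs as root inside another process.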