[Bug-gnu-radius] server side PAM authentication

bug-gnu-radius

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-gnu-radius] server side PAM authentication

From:	Ilguiz Latypov
Subject:	[Bug-gnu-radius] server side PAM authentication
Date:	Fri, 19 Jul 2002 09:49:32 -0400 (EDT)

1. What is the correct syntax for enabling server side PAM authentication?  
   After recompiling gnu-radiusd with --enable-pam and putting

    DEFAULT     Auth-Type = Pam

   I got a parsing error.  I thought that I followed the documentation 
   from gnu-radius info files.

   Somehow I found that the following configuration works:

    DEFAULT Auth-Type = Pam,
                    Simultaneous-Use = 1    
            Service-Type = Login-User

   The next questions are off topic.  They are really about PAM not 
   gnu-radius.

2. After that I got dlopen error on /lib/security/pam_unix_passwd.so.  Is 
   this a wrong configuration or corrupted shared module?  Here is the 
   original content of /etc/pam.d/radius:

    #%PAM-1.0
    auth       required /lib/security/pam_unix_auth.so shadow nullok
    auth       required /lib/security/pam_nologin.so
    account    required /lib/security/pam_unix_acct.so
    password   required /lib/security/pam_cracklib.so
    password   required /lib/security/pam_unix_password.so shadow nullok 
use_authtok
    session    required /lib/security/pam_unix_session.so

   When I copied the content of /etc/pam.d/su to the file radius,

    #%PAM-1.0
    auth       required /lib/security/pam_pwdb.so shadow nullok
    account    required /lib/security/pam_pwdb.so
    password   required /lib/security/pam_cracklib.so
    password   required /lib/security/pam_pwdb.so shadow use_authtok nullok
    session    required /lib/security/pam_pwdb.so

   radsession has finally worked:

    address@hidden ilatypov]# /usr/local/bin/radsession -l test -p XXXX --auth
    Acknowledged
    address@hidden ilatypov]# tail /var/log/messages
    [...]
    Jul 19 09:38:58 server radiusd[12786]: (AUTHREQ local 32 test): Login OK 
[test], CLID unknown
    Jul 19 09:38:58 server radiusd[12786]: Auth.notice: (AUTHREQ local 32 
test): Login OK [test], CLID unknown

3. There are no positive messages from PAM_pwdb in the above log file.  I 
   only see messages from PAM_pwdb when supplying a wrong password:

     Jul 19 09:41:26 server PAM_pwdb[12786]: authentication failure; (uid=0) -> 
test for radius service

   How come I see positive messages when doing su 

     Jul 19 09:42:41 server PAM_pwdb[14700]: (su) session opened for user root 
by ilatypov(uid=0)

   but not when doing radsession ... --auth?

Ilguiz

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug-gnu-radius] server side PAM authentication, Ilguiz Latypov <=
- Re: [Bug-gnu-radius] server side PAM authentication, Sergey Poznyakoff, 2002/07/19
  - Re: [Bug-gnu-radius] server side PAM authentication, Ilguiz Latypov, 2002/07/20
    - Re: [Bug-gnu-radius] server side PAM authentication, Sergey Poznyakoff, 2002/07/20

Prev by Date: [Bug-gnu-radius] link problem when SQL is disabled
Next by Date: Re: [Bug-gnu-radius] link problem when SQL is disabled
Previous by thread: [Bug-gnu-radius] link problem when SQL is disabled
Next by thread: Re: [Bug-gnu-radius] server side PAM authentication
Index(es):
- Date
- Thread