bug-gnu-radius

[Bug-gnu-radius] server side PAM authentication


From: Ilguiz Latypov
Subject: [Bug-gnu-radius] server side PAM authentication
Date: Fri, 19 Jul 2002 09:49:32 -0400 (EDT)

1. What is the correct syntax for enabling server side PAM authentication?  
   After recompiling gnu-radiusd with --enable-pam and putting

    DEFAULT     Auth-Type = Pam

   I got a parsing error.  I thought that I followed the documentation 
   from gnu-radius info files.

   Somehow I found that the following configuration works:

    DEFAULT Auth-Type = Pam,
                    Simultaneous-Use = 1    
            Service-Type = Login-User

   The next questions are off topic.  They are really about PAM, not 
   gnu-radius.

2. After that I got a dlopen error on /lib/security/pam_unix_passwd.so.  Is 
   this a wrong configuration or a corrupted shared module?  Here is the 
   original content of /etc/pam.d/radius:

    #%PAM-1.0
    auth       required /lib/security/pam_unix_auth.so shadow nullok
    auth       required /lib/security/pam_nologin.so
    account    required /lib/security/pam_unix_acct.so
    password   required /lib/security/pam_cracklib.so
    password   required /lib/security/pam_unix_password.so shadow nullok use_authtok
    session    required /lib/security/pam_unix_session.so

   When I copied the content of /etc/pam.d/su to the file radius,

    #%PAM-1.0
    auth       required /lib/security/pam_pwdb.so shadow nullok
    account    required /lib/security/pam_pwdb.so
    password   required /lib/security/pam_cracklib.so
    password   required /lib/security/pam_pwdb.so shadow use_authtok nullok
    session    required /lib/security/pam_pwdb.so

   radsession finally worked:

    address@hidden ilatypov]# /usr/local/bin/radsession -l test -p XXXX --auth
    Acknowledged
    address@hidden ilatypov]# tail /var/log/messages
    [...]
    Jul 19 09:38:58 server radiusd[12786]: (AUTHREQ local 32 test): Login OK [test], CLID unknown
    Jul 19 09:38:58 server radiusd[12786]: Auth.notice: (AUTHREQ local 32 test): Login OK [test], CLID unknown

3. There are no positive messages from PAM_pwdb in the above log file.  I 
   only see messages from PAM_pwdb when supplying a wrong password:

     Jul 19 09:41:26 server PAM_pwdb[12786]: authentication failure; (uid=0) -> test for radius service

   How come I see positive messages when doing su:

     Jul 19 09:42:41 server PAM_pwdb[14700]: (su) session opened for user root by ilatypov(uid=0)

   but not when doing radsession ... --auth?

Ilguiz
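
A check related to the dlopen failure in question 2, added here as an example and not part of the original message: it lists the module files a PAM service file names and reports those that do not exist on disk, which is one cause of a dlopen error. The function names, the constructed sample and the `/lib/security` default directory for relative module names are assumptions.

```python
import os

# Constructed sample, based on the first /etc/pam.d/radius quoted in the message.
SAMPLE = """\
#%PAM-1.0
auth       required /lib/security/pam_unix_auth.so shadow nullok
auth       required /lib/security/pam_nologin.so
password   required /lib/security/pam_unix_password.so shadow nullok \\
    use_authtok
"""

def module_paths(text, default_dir="/lib/security"):
    """Yield (line number, type, module path) for each module line."""
    logical, start = "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        if not logical:
            start = n                      # first physical line of this entry
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):            # backslash continues the entry
            logical += line[:-1] + " "
            continue
        logical, full = "", (logical + line).strip()
        head = full.split(None, 1)
        if len(head) < 2 or head[0].startswith("@"):
            continue                       # blank, comment or @include line
        mtype, rest = head
        if rest.startswith("["):           # [value=action ...] control form
            rest = rest.partition("]")[2]
        else:
            parts = rest.split(None, 1)
            if len(parts) < 2 or parts[0] in ("include", "substack"):
                continue                   # names a service, not a module
            rest = parts[1]
        fields = rest.split()
        if not fields:
            continue
        mod = fields[0]
        if not os.path.isabs(mod):         # bare names resolve to default_dir
            mod = os.path.join(default_dir, mod)
        yield start, mtype.lstrip("-"), mod

def missing_modules(text, default_dir="/lib/security"):
    """Return the entries whose module file is absent (dangling symlinks too)."""
    return [e for e in module_paths(text, default_dir) if not os.path.isfile(e[2])]

if __name__ == "__main__":
    for lineno, mtype, mod in missing_modules(SAMPLE):
        print(f"line {lineno}: {mtype} module not found: {mod}")
```

To check a real service file, pass its contents, for example `missing_modules(open("/etc/pam.d/radius").read())`.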



