[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-gnu-radius] server side PAM authentication
From: |
Ilguiz Latypov |
Subject: |
Re: [Bug-gnu-radius] server side PAM authentication |
Date: |
Sat, 20 Jul 2002 11:51:01 -0400 (EDT) |
On Fri, 19 Jul 2002, Sergey Poznyakoff wrote:
> I would like to ask you to prominently specify the version of radius
> your message refers to (1.0 is not in production use yet and many
> subscribers may get confused).
That was a July 18, 2002 snapshot from CVS.
> By the way on what platform are you testing it?
$ uname -a
Linux server 2.4.19-pre10 #4 Thu Jun 6 17:00:26 EDT 2002 i686 unknown
> That is a syntax error for both 0.96 and pre-1.0 series of radius. The
> correct syntax will be
>
> DEFAULT Auth-Type = Pam
> NULL
Thanks. I will see if my copy of perl Authen::Radius client can handle
empty list of attributes. This client failed when tested against a
different Radius server implementation.
> (note the presence of the RHS). Most NASes will require radius to
> return at list Service-Type pair, so you'd be better off specifying:
>
> DEFAULT Auth-Type = Pam
> Service-Type = <whatever>
Luckily, I just found the explanation of the notion of NAS in "info
radius" by typing "snas<Enter>". Thanks for the excellent piece of
documentation.
> > 2. After that I got dlopen error on /lib/security/pam_unix_passwd.so. Is
> > this a wrong configuration or corrupted shared module? Here is the
>
> Hmmm, again the question is: what operating system are you using?
This module is part of RedHat Linux RPM package:
$ rpm -qf /lib/security/pam_unix_passwd.so
pam-0.74-22
Anyways, everything worked fine when I switched to pam_pwdb.so.
> I guess you should investigate the sources of su to find the answer.
Could the absence of session messages from pam_pwdb.so be due to pam.c not
calling pam_open_session()/pam_close_session() after successful
pam_authenticate()?
Ilguiz