
RE: pam radius




> -----Original Message-----
> From: Orlando Andico [mailto:orly@mozcom.com]
> Sent: Sunday, 28 March 1999 1:19
> To: pam-list@redhat.com
> Subject: pam radius
>
>
>
> Does the current pam_radius authenticate as well as account? The version
> which comes with Red Hat 5.2 only does accounting..

No. I believe Christian Gafton rolled radius auth and accounting into
pam_pwdb.

>
> would it be possible (with an authenticating pam_radius) to completely
> ditch the /etc/passwd and /etc/shadow files? where would UID/GID
> information be stored? as "custom" Radius attributes?

Yes. This is what I do. You can use nss_pwdb in conjunction with pam_pwdb.
You will need to modify things slightly to do authorisation properly (i.e.
sendmail needs to check if a user exists; to do this you don't need to
authenticate the user, but normally radius requires a password). There are
several ways you can do this. You can either kludge a password for
authorisation style requests or create a special attribute for radius to
handle these kinds of requests, which is what we have done. You will also
need a fairly flexible radius server to handle this. If you haven't looked
at Radiator before (http://www.open.com.au/Radiator) it might be worth it.
>
> If that's too hard.. where can I get information on writing my own nss
> module? I suppose you don't need to have access to the libc source because
> nss_ldap works on Solaris where there's no access to the libc source.
>
> -------------------------------------------------------------------
> Orlando Andico <orly@mozcom.com>
> Mosaic Communications, Inc.
> Phone: +63 (2) 937-2293  Mobile: +63 (0912) 800-8262
>

Regards,


Richard
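
An added illustration of the "special attribute" approach described in the reply above (not code from this thread, pam_pwdb or Radiator): it builds a normal RADIUS Access-Request with a hidden User-Password and a password-less one marked by a Vendor-Specific attribute, then shows the server-side check that keeps the two apart. The vendor number and sub-type are constructed placeholders; the thread does not say which attribute was actually used.

```python
import hashlib, os, struct

ACCESS_REQUEST = 1                                    # RFC 2865 packet code
USER_NAME, USER_PASSWORD, VENDOR_SPECIFIC = 1, 2, 26  # RFC 2865 attribute types
EXAMPLE_VENDOR_ID = 99999   # constructed placeholder, not a real vendor number
LOOKUP_ONLY = 1             # hypothetical vendor sub-type: "existence check only"

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """User-Password hiding from RFC 2865 section 5.2 (chained MD5 keystream)."""
    padded = password.ljust(-(-len(password) // 16) * 16 or 16, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def attr(kind: int, value: bytes) -> bytes:
    return struct.pack("!BB", kind, len(value) + 2) + value

def build_request(ident: int, user: str, secret: bytes, password=None) -> bytes:
    """Access-Request; with password=None it carries the lookup marker instead."""
    authenticator = os.urandom(16)
    attrs = attr(USER_NAME, user.encode())
    if password is None:
        marker = struct.pack("!IBB", EXAMPLE_VENDOR_ID, LOOKUP_ONLY, 3) + b"\x01"
        attrs += attr(VENDOR_SPECIFIC, marker)
    else:
        attrs += attr(USER_PASSWORD, hide_password(password.encode(), secret, authenticator))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def classify(packet: bytes) -> str:
    """Server-side decision: 'authenticate', 'lookup' or 'reject'."""
    if len(packet) < 20 or packet[0] != ACCESS_REQUEST:
        return "reject"
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        return "reject"
    pos, seen, lookup = 20, set(), False
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            return "reject"                           # malformed attribute
        kind, value = packet[pos], packet[pos + 2:pos + packet[pos + 1]]
        if kind == VENDOR_SPECIFIC and len(value) >= 5:
            lookup |= struct.unpack("!IB", value[:5]) == (EXAMPLE_VENDOR_ID, LOOKUP_ONLY)
        seen.add(kind)
        pos += packet[pos + 1]
    if USER_NAME not in seen or lookup == (USER_PASSWORD in seen):
        return "reject"       # needs exactly one of: password, lookup marker
    return "lookup" if lookup else "authenticate"
```

A `lookup` result should only ever feed the NSS side (does the user exist, what are the UID/GID); the PAM authentication path must accept nothing but `authenticate`, otherwise the password-less request becomes a login bypass.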


