[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PPP + RADIUS authentication using PAM



On Mon, 30 Oct 2000, Ganesh, Sangeetha (Sangeetha)** CTR ** wrote:

> Hi,
> The paragraph below will give you an idea as to what i am trying to
> implement:

> Environment:-
> OS: RedHat Linux 6.2

> Description:-
> The requirement is to setup a PPP server on Linux to handle both dial-in and
> dial-out connections. Firstly it should be able to do CHAP authentication
> at the Data Link Layer level.Secondly I also need the Linux server to have a
> Radius client that can authenticate users against a RADIUS server. This
> should happen in the sequence , i.e, CHAP first and then RADIUS
> authentication.
> My question here is can i do all of the above with Linux PAM??
> I tried using Portslave(a Radius client) but am facing some problems because
> of some known bugs and issues associated with Portslave.

If CHAP is a requirement, you're much better off not using PAM for
authentication. CHAP requires that passwords be stored in plaintext on the
server, and there are few (if any) PAM modules that are designed to work with
this scenario.  Certainly, using PAM won't let you authenticate against
/etc/passwd.  CHAP really calls for a private password database, and most of
the radius server software available already supports this directly.

How do you see PAM being useful in your configuration?  It's possible that PAM
may be useful at some stage of this process, but I don't see where.

Steve Langasek
postmodern programmer





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []