
Re: PPP + RADIUS authentication using PAM

> How do you see PAM being useful in your configuration?  It's possible that PAM
> may be useful at some stage of this process, but I don't see where.

PAM's useful in this area when you consider that you've got PHP, MySQL, Apache, Squid
and PPPd all configured for PAM, and then you want to cast the box "out there"
somewhere.  It leaves ample room for all applications to be configured against the same
authing mechanism with minimal effort - this is particularly relevant when the box could
change authentication (i.e., from RADIUS to TACACS .. or worst case - to NT's SMB auth).

However, there are two things that make this difficult - from my experiments - one is that 
PAM ultimately expects a user to terminate (reside) on the local machine ... something (I 
can't remember which module) still requires an account in /etc/passwd; not handy for the 
idea of "network users" who make use of network-level resources only (no shelling 
required).  The other is that PAM wasn't designed - from what I remember of my 
experiments - for the more sophisticated logging demands of protocols like RADIUS - 
where byte counts and termination codes needed to be sent back as part of the session
  Other than those two scenarios I think PAM would be an excellent (and preferred) 
solution for this type of work (especially when you throw in concepts like the PAM-Relay).

"Where there's smoke, there's fire"
