[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PAM with GNU radius



On Fri, Aug 30, 2002 at 01:50:45PM -0500, Hakanson, David J. wrote:

>     I am trying to set up a radius server (GNU radius) using PAM (krb5)
> for authentication. I am having problems doing radius auths since the
> account part fails. My pam file looks like:

> auth        sufficient    /lib/security/pam_krb5.so use_authtok

> auth        required      /lib/security/pam_deny.so

> account    required     /lib/security/pam_permit.so

> session    required     /lib/security/pam_permit.so


>     When I do a radius auth the authentication goes through without a
> problem but then denies me with the error: "pam_krb5: unable to
> determine uid/gid for user" and then "pam_krb5: authentication fails for
> user". Is there any way that I can completely bypass the account/session
> portion of PAM? Since all I am doing is using PAM for authentication and
> not authorization I don't need the uid/gid information at all.

Use a pam_krb5 module that doesn't look for uids during authentication. 
I think the pam_krb5 module in CVS at http://www.sourceforge.net/projects/pam
qualifies.

Steve Langasek
postmodern programmer

Attachment: pgp00006.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []