[Sunhelp] using PAM RADIUS under Solaris 2.6
Simon Marko (pon1)
smarko at ims.telstra.com.au
Thu Jan 13 02:22:25 CST 2000
Hi Sunhelpers,
Has any of you used the pam_radius_auth library to enable user login authentication against a RADIUS server?
I'd be interested to hear from any of you who have got this working in a satisfactory way.
I'm currently trying to find a way to do this properly and securely so that we can begin using token authentication. We're using Cryptocards and CiscoSecure as our AAA RADIUS server which are working fine.
What I'm trying to sort out now is what syntax to use in the /etc/pam.conf file.
The docs that come with the PAM_RADIUS module from cryptocard have enough information to get a half-baked solution going (i.e. the user is "challenged" and the response is ostensibly ignored).
The current pam.conf looks like this:
# PAM configuration
#
# Authentication management
#
login auth sufficient /usr/lib/security/pam_radius_auth.so.1 skip_passwd
login auth required /usr/lib/security/pam_unix.so.1
login auth required /usr/lib/security/pam_dial_auth.so.1
# extras for RADIUS
telnet auth sufficient /usr/lib/security/pam_radius_auth.so.1 skip_passwd
telnet auth required /usr/lib/security/pam_unix.so.1
#
rlogin auth sufficient /usr/lib/security/pam_rhosts_auth.so.1
rlogin auth required /usr/lib/security/pam_unix.so.1
#
dtlogin auth sufficient /usr/lib/security/pam_radius_auth.so.1
dtlogin auth required /usr/lib/security/pam_unix.so.1
#
rsh auth required /usr/lib/security/pam_rhosts_auth.so.1
other auth required /usr/lib/security/pam_unix.so.1
#
# Account management
#
login account required /usr/lib/security/pam_unix.so.1
dtlogin account required /usr/lib/security/pam_unix.so.1
#
other account required /usr/lib/security/pam_unix.so.1
#
# Session management
#
other session required /usr/lib/security/pam_unix.so.1
#
# Password management
#
other password required /usr/lib/security/pam_unix.so.1
Any advice on PAM generally would be appreciated!
Thanks
Simon Marko
Internetworking Systems Specialist - Telstra Corporation
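
As an added example (not part of the original post and not code from the pam_radius_auth distribution), this Python script evaluates each auth stack of the posted pam.conf for the case where the RADIUS module fails and every other module succeeds, using the usual meaning of the sufficient, required and requisite control flags. The function names are hypothetical and the input is the post's auth section with the wrapped lines joined.

```python
# Constructed input: the auth lines from the posted pam.conf, continuations joined.
PAM_CONF = """\
login   auth sufficient /usr/lib/security/pam_radius_auth.so.1 skip_passwd
login   auth required   /usr/lib/security/pam_unix.so.1
login   auth required   /usr/lib/security/pam_dial_auth.so.1
telnet  auth sufficient /usr/lib/security/pam_radius_auth.so.1 skip_passwd
telnet  auth required   /usr/lib/security/pam_unix.so.1
rlogin  auth sufficient /usr/lib/security/pam_rhosts_auth.so.1
rlogin  auth required   /usr/lib/security/pam_unix.so.1
dtlogin auth sufficient /usr/lib/security/pam_radius_auth.so.1
dtlogin auth required   /usr/lib/security/pam_unix.so.1
rsh     auth required   /usr/lib/security/pam_rhosts_auth.so.1
other   auth required   /usr/lib/security/pam_unix.so.1
"""

def auth_stacks(conf):
    """Return {service: [(control_flag, module_file), ...]} for auth lines."""
    stacks = {}
    for line in conf.splitlines():
        f = line.split("#", 1)[0].split()
        if len(f) >= 4 and f[1] == "auth":
            stacks.setdefault(f[0], []).append((f[2], f[3].rsplit("/", 1)[-1]))
    return stacks

def stack_result(stack, failing):
    """Outcome if modules matching `failing` fail and all others succeed."""
    required_failed = any_ok = False
    for flag, module in stack:
        ok = failing not in module
        any_ok |= ok
        if flag == "sufficient" and ok and not required_failed:
            return True               # success ends the stack immediately
        if flag == "requisite" and not ok:
            return False              # failure ends the stack immediately
        if flag == "required" and not ok:
            required_failed = True    # remembered, remaining modules still run
    return any_ok and not required_failed

def audit(conf, module="pam_radius_auth"):
    """Classify each service: no-radius, fallback (passes without RADIUS), enforced."""
    def verdict(stack):
        if not any(module in m for _, m in stack):
            return "no-radius"
        return "fallback" if stack_result(stack, module) else "enforced"
    return {svc: verdict(st) for svc, st in auth_stacks(conf).items()}

if __name__ == "__main__":
    print(audit(PAM_CONF))
```

A verdict of "fallback" means the stack still succeeds on the remaining modules when pam_radius_auth fails; "no-radius" marks services, including the `other` default, whose auth stack never calls it.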