Date: Wed, 10 Jun 1998 21:31:02 -0300 (ADT)
From: The Hermit Hacker <scrappy@hub.org>
To: Wm Brian McCane <root@bmccane.maxbaud.net>
Cc: John Polstra <jdp@polstra.com>, current@FreeBSD.ORG
Subject: Re: Radius login via getty
Message-ID: <Pine.BSF.3.96.980610212044.316B-100000@thelab.hub.org>
In-Reply-To: <Pine.BSF.3.96.980610183742.2260C-100000@bmccane.maxbaud.net>

On Wed, 10 Jun 1998, Wm Brian McCane wrote:

> Okay, assuming PAM can do what you say it will. Can it also be used with
> POP3, IMAP, FTP, Telnet, RLogin, etc.

Yes...in fact, you can have a different PAM module used to authenticate for the various services. A pam.conf from one of my Solaris 2.6 machines (it's pretty standard) is included below.

pam_unix.so.1 is the 'standard' module, that authenticates against your normal password file. pam_lradius.so.1 is the one I use to authenticate against a radius server running on a Novell box (my way of doing 'NDS' authentication...or cheating it *grin*)...

The 'password management' stuff at the bottom...there is a module that you can get that gives you stricter restrictions on passwords...you just plug it into the /usr/lib/security directory, and change the point in the pam.conf file, and it's there...nothing special required.

And, you can have cascading modules...if one fails, it will go to the next. The radius one I have below, I modified so that one module does what I wanted, but you can have it so that if the radius module fails, it falls back to the pam_unix module to check again the system passwd file...

It's a very clean system, IMHO, that Sun developed and the Linux ppl are heavily investing in. The 'Linux-PAM' thing is a misnomer, as they are working at making sure it runs on more than just Linux...but it's based on the Sun stuff...

====================================================================
#ident "@(#)pam.conf 1.19 95/11/30 SMI"
#
# PAM configuration
#
# Authentication management
#
login   auth required   /usr/lib/security/pam_unix.so.1
login   auth required   /usr/lib/security/pam_dial_auth.so.1
#
rlogin  auth sufficient /usr/lib/security/pam_rhosts_auth.so.1
rlogin  auth required   /usr/lib/security/pam_unix.so.1
#
dtlogin auth required   /usr/lib/security/pam_unix.so.1
#
rsh     auth required   /usr/lib/security/pam_rhosts_auth.so.1
other   auth sufficient /usr/lib/security/pam_lradius.so.1 debug
#
# Account management
#
login   account required        /usr/lib/security/pam_unix.so.1
dtlogin account required        /usr/lib/security/pam_unix.so.1
#
other   account required        /usr/lib/security/pam_unix.so.1
#
# Session management
#
other   session required        /usr/lib/security/pam_unix.so.1
#
# Password management
#
other   password required       /usr/lib/security/pam_unix.so.1
====================================================================

Marc G. Fournier
Systems Administrator @ hub.org
primary: scrappy@hub.org           secondary: scrappy@{freebsd|postgresql}.org
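
The cascading behaviour described in the message (RADIUS first, falling back to the local password file), as an added example that is not part of the original e-mail and is not Sun's or Linux-PAM's code. It assumes a simplified model of the required/requisite/sufficient/optional control flags; the sample pam.conf fragment is constructed.

```python
# Added example: simplified model of PAM stack evaluation, not Sun's or Linux-PAM's code.
# Constructed pam.conf fragment: RADIUS first, local password file as the fallback.
SAMPLE_CONF = """\
#service module_type control_flag module_path [options]
login  auth required   /usr/lib/security/pam_unix.so.1
other  auth sufficient /usr/lib/security/pam_lradius.so.1 debug
other  auth required   /usr/lib/security/pam_unix.so.1
"""
FLAGS = {"required", "requisite", "sufficient", "optional"}

def parse_pam_conf(text):
    """Return (service, module_type, control_flag, module_path, options) tuples."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4 or fields[2] not in FLAGS:
            raise ValueError("malformed pam.conf line: %r" % raw)
        entries.append((fields[0], fields[1], fields[2], fields[3], fields[4:]))
    return entries

def stack_for(entries, service, module_type):
    """Entries for the service, or the 'other' entries when it has none."""
    own = [e for e in entries if e[:2] == (service, module_type)]
    return own or [e for e in entries if e[:2] == ("other", module_type)]

def evaluate(stack, outcomes):
    """outcomes maps module_path -> True if that module would succeed."""
    required_failed = any_success = False
    for _svc, _type, flag, path, _opts in stack:
        ok = outcomes[path]
        if flag == "sufficient" and ok and not required_failed:
            return True               # stop: later modules are never consulted
        if flag == "requisite" and not ok:
            return False              # stop: fail immediately
        if flag in ("required", "requisite"):
            required_failed = required_failed or not ok
        if flag != "sufficient":
            any_success = any_success or ok
    return any_success and not required_failed

if __name__ == "__main__":
    radius = "/usr/lib/security/pam_lradius.so.1"
    unix = "/usr/lib/security/pam_unix.so.1"
    stack = stack_for(parse_pam_conf(SAMPLE_CONF), "ftp", "auth")  # no ftp lines -> 'other'
    for r, u in [(True, False), (False, True), (False, False)]:
        print("radius=%s unix=%s -> %s" % (r, u, evaluate(stack, {radius: r, unix: u})))
```

In this model a stack consisting of a single `sufficient` line denies access whenever that one module fails, since nothing after it can succeed.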