Date: Thu, 14 Feb 2008 16:29:59 GMT From: des@FreeBSD.org To: danm@prime.gushi.org, des@FreeBSD.org, freebsd-bugs@FreeBSD.org Subject: Re: bin/66095: [pam] template_user is broken in pam_radius Message-ID: <200802141629.m1EGTxhe092178@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
Synopsis: [pam] template_user is broken in pam_radius State-Changed-From-To: open->closed State-Changed-By: des State-Changed-When: Thu Feb 14 16:26:43 UTC 2008 State-Changed-Why: This is actually a configuration error. At the point where pam_radius submits an authentication request to the server, it doesn't know (or care) whether the user exists in the local user database. It doesn't make that check until after the user has been authenticated by the radius server. The only explanation for this is that the originator had something in their PAM configuratin that rejected the authentication attempt before it ever reached pam_radius. This could easily have been verified by enabling debugging with the "debug" keyword in the appropriate PAM stack. http://www.freebsd.org/cgi/query-pr.cgi?pr=66095
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200802141629.m1EGTxhe092178>