Date: Tue, 28 Apr 2015 12:05:55 -0700 From: Chris Stankevitz <chrisstankevitz@gmail.com> To: freebsd-questions <freebsd-questions@freebsd.org> Subject: Using pam_radius in /etc/pam.d/sshd Message-ID: <CAPi0psuR6P9HrE-nK79hvwrAng6=u%2B5H8N3_XhHDiSu4bMqfWQ@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hello, 1. After I supply an incorrect radius password three time, I am not afforded an opportunity to supply my pam_unix password. Why am I not afforded this opportunity? (pam.d/sshd below) 2. Is there a way to reduce the number of times a user can attempt to login with pam_radius from 3 to 1? 'man pam_radius' suggests no options that might accomplish this. I wonder if there are 'secret' options at a higher level to control this. My goal: users can log in with pam_radius or pam_unix, whichever they choose. I figured I would accomplish this with the following /etc/pam.d/sshd auth and by telling users "just press enter when prompted for the radius pw, then you will be prompted for your passwd": auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local auth sufficient pam_radius.so auth required pam_unix.so no_warn try_first_pass Thank you, Chris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPi0psuR6P9HrE-nK79hvwrAng6=u%2B5H8N3_XhHDiSu4bMqfWQ>