From edc753ad22c03a7e96c6e2323cd551f50588d686 Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Wed, 21 Jun 2023 22:08:16 +0200
Subject: tacacs: T141: create new UNIX group for aaa

---
 src/pam-configs/radius | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

(limited to 'src')

diff --git a/src/pam-configs/radius b/src/pam-configs/radius
index aaae6aeb0..08247f77c 100644
--- a/src/pam-configs/radius
+++ b/src/pam-configs/radius
@@ -1,20 +1,17 @@
 Name: RADIUS authentication
-Default: yes
+Default: no
 Priority: 257
 Auth-Type: Primary
 Auth:
-    [default=ignore success=1] pam_succeed_if.so uid eq 1000 quiet
-    [default=ignore success=ignore] pam_succeed_if.so uid eq 1001 quiet
+    [default=ignore success=ignore] pam_succeed_if.so user ingroup aaa quiet
     [authinfo_unavail=ignore success=end default=ignore] pam_radius_auth.so
 
 Account-Type: Primary
 Account:
-    [default=ignore success=1] pam_succeed_if.so uid eq 1000 quiet
-    [default=ignore success=ignore] pam_succeed_if.so uid eq 1001 quiet
+    [default=ignore success=ignore] pam_succeed_if.so user ingroup aaa quiet
     [authinfo_unavail=ignore success=end perm_denied=bad default=ignore] pam_radius_auth.so
 
 Session-Type: Additional
 Session:
-    [default=ignore success=1] pam_succeed_if.so uid eq 1000 quiet
-    [default=ignore success=ignore] pam_succeed_if.so uid eq 1001 quiet
+    [default=ignore success=ignore] pam_succeed_if.so user ingroup aaa quiet
     [authinfo_unavail=ignore success=ok default=ignore] pam_radius_auth.so
-- 
cgit v1.2.3