author Dave Olson <olson@cumulusnetworks.com> 2018-01-23 16:04:03 -0800
committer Dave Olson <olson@cumulusnetworks.com> 2018-01-23 16:17:18 -0800
commit a56320d97bcca3b6032b875008396c24f40eb5c4
tree 371321ba54fb0284f91339c12dcd17c521311159
parent 8131ff2e52c3e15552c9db8911fe30359dfabe21
Improved documentation in man pages.
Ticket: UD-1248 Reviewed By: nobody Testing Done: Tried to be clearer about default ports. Added a comment in the plugin manpage that debug can be set in the config file as well. There was a complaint that it wasn't clear on how to set the various options for the pam plugin module, so I tried to make that clearer as well. Also fixed some spelling errors in the man page, and removed the non-debian config file default.
-rw-r--r-- debian/changelog 6
-rw-r--r-- pam_radius_auth.5 12
-rw-r--r-- pam_radius_auth.8 28
3 files changed, 36 insertions, 10 deletions
diff --git a/debian/changelog b/debian/changelog
index e2f41a1..cd9e814 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+libpam-radius-auth (1.4.1-cl3u2) RELEASED; urgency=low
+
+ * Improved documentation in man pages
+
+ -- Dave Olson <olson@cumulusnetworks.com> Tue, 23 Jan 2018 16:03:38 -0800
+
libpam-radius-auth (1.4.1-cl3u1) RELEASED; urgency=low
* Added support for mapping radius accounts to a local account
diff --git a/pam_radius_auth.5 b/pam_radius_auth.5
index fc28452..2d25ddf 100644
--- a/pam_radius_auth.5
+++ b/pam_radius_auth.5
@@ -3,7 +3,7 @@
.SH NAME
pam_radius_auth.conf \- RADIUS client configuration file
.SH SYNOPSIS
-.B /etc/pam_radius_auth.conf
+.B /etc/pam_radius_auth.conf
is the RADIUS client configuration file for the PAM RADIUS client plugin.
It contains the information on how to reach the RADIUS server(s), and
because it contains the shared secret key, should be mode 600 and owned
@@ -22,9 +22,15 @@ Not all keywords use all fields.
Output PAM and RADIUS communication debugging information via syslog(3).
.TP
.I server[:port] secret [timeout] [src_ip]
-the port name or number is optional. The default port name is
-"radius", and is looked up from
+the port name or number is optional. The default ports are not
+part of the code base, and are retrieved from
.IR /etc/services .
+The ports used are
+.BR " radius "
+for authentication and
+.BR " radacct "
+for accounting.
+.P
The timeout field is optional. The default timeout is 3 seconds.
.IP
For IPv6 literal addresses, the address has to be surrounded by
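Review bot: The added `.P` before "The timeout field is optional" sits inside the `.TP` entry for `server[:port] secret [timeout] [src_ip]`, and `.P` resets the indent, so the timeout sentence will render at the left margin as if it no longer belonged to this keyword. Use `.IP` there, as the IPv6 paragraph that follows already does. The quoted arguments in `.BR " radius "` and `.BR " radacct "` also carry their padding spaces into the output; `.B radius` and `.B radacct` would avoid the extra spacing. Since the text now says the defaults are retrieved from /etc/services rather than the code base, it should also say what happens when those service names are not present in that file.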
diff --git a/pam_radius_auth.8 b/pam_radius_auth.8
index e39a190..61fbf8f 100644
--- a/pam_radius_auth.8
+++ b/pam_radius_auth.8
@@ -14,12 +14,22 @@ because the RADIUS protocol does not support it.
This PAM module takes a number of standard PAM configuration options,
as well as some specific to this plugin.
.PP
-options can be added by editting the files in
+These options can be enabled by editing the generated entries in the
.I /etc/pam.d
-or by editting the configuration file
+directory to add them to the radius plugin. The files can be found by running
+the command:
+.IP
+.B grep radius /etc/pam.d/*
+.PP
+They can also be set by editing the configuration file
.I /usr/share/pam-configs/radius
and then running
-.BR pam-auth-config .
+.B pam-auth-config
+to re-generate the files in /etc/pam.d/.
+.BR NOTE :
+The file
+.I /usr/share/pam-configs/radius
+is not a configuration file, and may be overwritten on upgrades.
.PP
All of the following arguments are optional, and can be combined as needed.
Note that not all of these options are relevant in for all uses of the module.
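Review bot: The new wording calls /usr/share/pam-configs/radius "the configuration file" and then, in the NOTE a few lines later, says it "is not a configuration file, and may be overwritten on upgrades". Drop "configuration" from the first mention (for example "by editing the file") so the two statements agree. The paragraph also tells readers to edit the generated entries in /etc/pam.d and then says pam-auth-config re-generates those files, without saying whether hand edits survive a re-generation; state which of the two methods persists. The NOTE would read better after its own `.PP`, and the unchanged context line "relevant in for all uses" still has a stray "in" that could be fixed in the same pass.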
@@ -38,23 +48,27 @@ i.e. A blank client ID.
.TP
.I conf=foo
set the configuration filename to 'foo'.
-Default is /etc/raddb/server (/etc/pam_radius_auth.conf
-on Debian systems).
+The default is
+.IR /etc/pam_radius_auth.conf .
.TP
.I debug
print out extensive debugging information via pam_log.
These messages generally end up being handled by
-sylog(), and go to /var/log/messages. Depending on
+syslog(), and go to /var/log/messages. Depending on
your host operating system, the log messages may be
elsewhere.
.IP
+This variable may also be set in the
+.I /etc/pam_radius_auth
+file. See that file for details.
+.IP
You should generally use the debug option when first
trying configuring this module, as it will help
enormously in tracking down problems.
.TP
.I force_prompt
Request a new password and not using the previously entered
-password. This usefull for multi-factor authentication
+password. This useful for multi-factor authentication
when used with a Token.
.TP
.I localifdown
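Review bot: The added debug paragraph points readers to `/etc/pam_radius_auth`, while the conf= entry changed earlier in this same hunk gives the default as `/etc/pam_radius_auth.conf`. Add the `.conf` suffix unless a different file is really meant. In the force_prompt entry the spelling fix leaves "This useful for multi-factor authentication" without a verb; make it "This is useful". The unchanged "trying configuring this module" in the debug entry could be cleaned up at the same time.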