diff options
| author | Dave Olson <olson@cumulusnetworks.com> | 2018-01-23 16:04:03 -0800 | 
|---|---|---|
| committer | Dave Olson <olson@cumulusnetworks.com> | 2018-01-23 16:17:18 -0800 | 
| commit | a56320d97bcca3b6032b875008396c24f40eb5c4 (patch) | |
| tree | 371321ba54fb0284f91339c12dcd17c521311159 | |
| parent | 8131ff2e52c3e15552c9db8911fe30359dfabe21 (diff) | |
| download | libpam-radius-auth-a56320d97bcca3b6032b875008396c24f40eb5c4.tar.gz libpam-radius-auth-a56320d97bcca3b6032b875008396c24f40eb5c4.zip | |
Improved documentation in man pages.
Ticket: UD-1248
Reviewed By: nobody
Testing Done:
Tried to be clearer about default ports.   Added a comment in the
plugin manpage that debug can be set in the config file as well.
There was a complaint that it wasn't clear on how to set the various
options for the pam plugin module, so I tried to make that cleaer
as well.
Also fixed some spelling errors in the man page, and remove the
non-debian config file default.
| -rw-r--r-- | debian/changelog | 6 | ||||
| -rw-r--r-- | pam_radius_auth.5 | 12 | ||||
| -rw-r--r-- | pam_radius_auth.8 | 28 | 
3 files changed, 36 insertions, 10 deletions
| diff --git a/debian/changelog b/debian/changelog index e2f41a1..cd9e814 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +libpam-radius-auth (1.4.1-cl3u2) RELEASED; urgency=low + +  * Improved documentation in man pages + + -- Dave Olson <olson@cumulusnetworks.com>  Tue, 23 Jan 2018 16:03:38 -0800 +  libpam-radius-auth (1.4.1-cl3u1) RELEASED; urgency=low    * Added support for mapping radius accounts to a local account diff --git a/pam_radius_auth.5 b/pam_radius_auth.5 index fc28452..2d25ddf 100644 --- a/pam_radius_auth.5 +++ b/pam_radius_auth.5 @@ -3,7 +3,7 @@  .SH NAME  pam_radius_auth.conf \- RADIUS client configuration file  .SH SYNOPSIS -.B /etc/pam_radius_auth.conf  +.B /etc/pam_radius_auth.conf  is the RADIUS client configuration file for the PAM RADIUS client plugin.  It contains the information on how to reach the RADIUS server(s), and  because it contains the shared secret key, should be mode 600 and owned @@ -22,9 +22,15 @@ Not all keywords use all fields.  Output PAM and RADIUS communication debugging information via syslog(3).  .TP  .I  server[:port] secret [timeout] [src_ip] -the port name or number is optional.  The default port name is -"radius", and is looked up from +the port name or number is optional.  The default ports are not +part of the code base, and are retrieved from  .IR /etc/services . +The ports used are +.BR " radius " +for authentication and +.BR " radacct " +for accounting. +.P  The timeout field is optional.  The default timeout is 3 seconds.  .IP  For IPv6 literal addresses, the address has to be surrounded  by diff --git a/pam_radius_auth.8 b/pam_radius_auth.8 index e39a190..61fbf8f 100644 --- a/pam_radius_auth.8 +++ b/pam_radius_auth.8 @@ -14,12 +14,22 @@ because the RADIUS protocol does not support it.  This PAM module takes a number of standard PAM configuration options,  as well as some specific to this plugin.  .PP -options can be added by editting the files in +These options can be enabled by editing the generated entries in the  .I /etc/pam.d -or by editting the configuration file +directory to add them to the radius plugin.  The files can be found by running +the command: +.IP +.B grep radius /etc/pam.d/* +.PP +They can also be set by editing the configuration file  .I /usr/share/pam-configs/radius  and then running -.BR pam-auth-config . +.B pam-auth-config +to re-generate the files in /etc/pam.d/. +.BR NOTE : +The file +.I /usr/share/pam-configs/radius +is not a configuration file, and may be overwritten on upgrades.  .PP  All of the following arguments are optional, and can be combined as needed.  Note that not all of these options are relevant in for all uses of the module. @@ -38,23 +48,27 @@ i.e. A blank client ID.  .TP  .I conf=foo  set the configuration filename to 'foo'. -Default is /etc/raddb/server (/etc/pam_radius_auth.conf -on Debian systems). +The default is +.IR /etc/pam_radius_auth.conf .  .TP  .I debug  print out extensive debugging information via pam_log.  These messages generally end up being handled by -sylog(), and go to /var/log/messages.  Depending on +syslog(), and go to /var/log/messages.  Depending on  your host operating system, the log messages may be  elsewhere.  .IP +This variable may also be set in the +.I /etc/pam_radius_auth +file.  See that file for details. +.IP  You should generally use the debug option when first  trying configuring this module, as it will help  enormously in tracking down problems.  .TP  .I force_prompt  Request a new password and not using the previously entered -password. This usefull for multi-factor authentication +password. This useful for multi-factor authentication  when used with a Token.  .TP  .I localifdown | 
