diff options
| author | Arran Cudbard-Bell <a.cudbardb@freeradius.org> | 2012-10-24 08:18:01 +0100 |
|---|---|---|
| committer | Arran Cudbard-Bell <a.cudbardb@freeradius.org> | 2012-10-24 08:18:01 +0100 |
| commit | c2c2b9c4b0571f4e6050de78ae8fd813d1be7431 (patch) | |
| tree | 12d9d04d58daec7558ab0ae63c7c52ac7d14642f /INSTALL | |
| download | libpam-radius-auth-c2c2b9c4b0571f4e6050de78ae8fd813d1be7431.tar.gz libpam-radius-auth-c2c2b9c4b0571f4e6050de78ae8fd813d1be7431.zip | |
Commit of version 1.3.17
Diffstat (limited to 'INSTALL')
| -rw-r--r-- | INSTALL | 114 |
1 files changed, 114 insertions, 0 deletions
@@ -0,0 +1,114 @@ +********************************************************************** + Redhat Linux 4.2 (PAM 0.54) +********************************************************************** + + make. + + Copy 'pam_radius_auth.so' to /lib/security/pam_radius_auth.so + + In /etc/pam.conf, add the line: + +login auth sufficient /lib/security/pam_radius_auth.so + + AFTER + +login auth required /lib/security/pam_securetty.so + + and BEFORE + +login auth required /lib/security/pam_unix_auth.so + + i.e. + +login auth required /lib/security/pam_securetty.so +login auth sufficient /lib/security/pam_radius_auth.so +login auth required /lib/security/pam_unix_auth.so + + +********************************************************************** + Redhat Linux > 5.0 +********************************************************************** + + make. + + Copy 'pam_radius_auth.so' to /lib/security/pam_radius_auth.so + + In the per-application configuration (/etc/pam.d/application) add: + +auth sufficient /lib/security/pam_radius_auth.so + + AFTER + +auth required /lib/security/pam_securetty.so + + and BEFORE + +auth required /lib/security/pam_unix_auth.so + + i.e. + +auth required /lib/security/pam_securetty.so +auth sufficient /lib/security/pam_radius_auth.so +auth required /lib/security/pam_unix_auth.so + + +********************************************************************** + Solaris 2.6 +********************************************************************** + + make. + + Copy 'pam_radius_auth.so' to /usr/lib/security/pam_radius_auth.so.1 + + in /etc/pam.conf, add the line: + +login auth sufficient /usr/lib/security/pam_radius_auth.so.1 + + BEFORE + +login auth required /usr/lib/security/pam_unix_auth.so.1 + + You will probably also have to add the lines: + +telnet auth sufficient /usr/lib/security/pam_radius_auth.so.1 +telnet auth required /usr/lib/security/pam_unix.so.1 + + in order to perform network logins. + +---------------------------------------------------------------------- + + Password change requests are pretty much the same. Add a line like: + +passwd password sufficient /lib/security/pam_radius_auth.so + + And you're set. + + Note that password change requests will NOT work for RADIUS users +using challenge-response authentication. + +---------------------------------------------------------------------- + + If you're familiar with PAM, configuring RADIUS authentication for +other applications should be straightforward. + + Note that you should be *very* careful when configuring users who +use RADIUS challenge-response. They should *not* have a Unix password +defined, or the challenge-response token card may become meaningless. + + Users who have have a RADIUS challenge-response configuration must +enter an initial password, unless 'skip_passwd' (see below) is +defined. The password they enter may not be blank or empty. + +---------------------------------------------------------------------- + + You will need a server configuration file. An example is given in +the file pam_radius_auth.conf. You will need to copy this file to +/etc/raddb/server. The file MUST be secure! i.e. + +chown root /etc/raddb +chmod go-rwx /etc/raddb +chmod go-rwx /etc/raddb/server + + See 'USAGE' for details of the configuration file. + +---------------------------------------------------------------------- |