summaryrefslogtreecommitdiff
path: root/pam_radius_auth.5
diff options
context:
space:
mode:
Diffstat (limited to 'pam_radius_auth.5')
-rw-r--r--pam_radius_auth.556
1 files changed, 56 insertions, 0 deletions
diff --git a/pam_radius_auth.5 b/pam_radius_auth.5
new file mode 100644
index 0000000..f117166
--- /dev/null
+++ b/pam_radius_auth.5
@@ -0,0 +1,56 @@
+.TH pam_radius_auth 5
+.\" Copyright 2017 Cumulus Networks, Inc. All rights reserved.
+.SH NAME
+/etc/pam_radius_auth.conf \- RADIUS client configuration file
+.SH SYNOPSIS
+.B /etc/tacplus_servers
+is the RADIUS client configuration file for the PAM RADIUS client plugin.
+It contains the information on how to reach the RADIUS server(s), and
+because it contains the shared secret key, should be mode 600 and owned
+by root.
+.SH DESCRIPTION
+Other PAM-specific options are described in the
+.B pam_radius_auth.8
+manpage, and must be added to the PAM configuration files.
+.PP
+By default, all components source this file, enabling a single point of
+configuration for the TACACS server(s), debug settings, etc.
+.PP
+Not all keywords use all fields.
+.TP
+.I debug
+Output PAM and RADIUS communication debugging information via syslog(3).
+.TP
+.I server[:port] secret [timeout] [src_ip]
+the port name or number is optional. The default port name is
+"radius", and is looked up from
+.IR /etc/services .
+The timeout field is optional. The default timeout is 3 seconds.
+.IP
+For IPv6 literal addresses, the address has to be surrounded by
+square brackets as usual. E.g. [2001:0db8:85a3::4].
+.IP
+If multiple RADIUS server lines exist, they are tried in order. The
+first server to return success or failure causes the module to return
+success or failure. Only if a server fails to response is it skipped,
+and the next server in turn is used.
+.IP
+The optional timeout field controls how many seconds the module waits before
+deciding that the server has failed to respond. It currently must be
+less than 60.
+.IP
+The optional src_ip may be used to configure the source IP address used
+in the RADIUS packets to the server. The timeout field must be set if
+setting the src_ip is desired
+.TP
+.I vrf-name VRFNAME
+If the management network is in a VRF, set this variable to the VRF name. This
+would usually be "mgmt". This is not normally needed with PAM.
+.SH "SEE ALSO"
+.BR pam_radius_auth (8),
+.BR mapuser_nss (5)
+.SH FILES
+.I /etc/pam_radius_auth.conf
+- RADIUS client configuration parameters
+.SH AUTHOR
+Dave Olson <olson@cumulusnetworks.com>
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 08:29:05 +0000