From c2c2b9c4b0571f4e6050de78ae8fd813d1be7431 Mon Sep 17 00:00:00 2001 From: Arran Cudbard-Bell Date: Wed, 24 Oct 2012 08:18:01 +0100 Subject: Commit of version 1.3.17 --- INSTALL | 114 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 114 insertions(+) create mode 100644 INSTALL (limited to 'INSTALL') diff --git a/INSTALL b/INSTALL new file mode 100644 index 0000000..3416170 --- /dev/null +++ b/INSTALL @@ -0,0 +1,114 @@ +********************************************************************** + Redhat Linux 4.2 (PAM 0.54) +********************************************************************** + + make. + + Copy 'pam_radius_auth.so' to /lib/security/pam_radius_auth.so + + In /etc/pam.conf, add the line: + +login auth sufficient /lib/security/pam_radius_auth.so + + AFTER + +login auth required /lib/security/pam_securetty.so + + and BEFORE + +login auth required /lib/security/pam_unix_auth.so + + i.e. + +login auth required /lib/security/pam_securetty.so +login auth sufficient /lib/security/pam_radius_auth.so +login auth required /lib/security/pam_unix_auth.so + + +********************************************************************** + Redhat Linux > 5.0 +********************************************************************** + + make. + + Copy 'pam_radius_auth.so' to /lib/security/pam_radius_auth.so + + In the per-application configuration (/etc/pam.d/application) add: + +auth sufficient /lib/security/pam_radius_auth.so + + AFTER + +auth required /lib/security/pam_securetty.so + + and BEFORE + +auth required /lib/security/pam_unix_auth.so + + i.e. + +auth required /lib/security/pam_securetty.so +auth sufficient /lib/security/pam_radius_auth.so +auth required /lib/security/pam_unix_auth.so + + +********************************************************************** + Solaris 2.6 +********************************************************************** + + make. + + Copy 'pam_radius_auth.so' to /usr/lib/security/pam_radius_auth.so.1 + + in /etc/pam.conf, add the line: + +login auth sufficient /usr/lib/security/pam_radius_auth.so.1 + + BEFORE + +login auth required /usr/lib/security/pam_unix_auth.so.1 + + You will probably also have to add the lines: + +telnet auth sufficient /usr/lib/security/pam_radius_auth.so.1 +telnet auth required /usr/lib/security/pam_unix.so.1 + + in order to perform network logins. + +---------------------------------------------------------------------- + + Password change requests are pretty much the same. Add a line like: + +passwd password sufficient /lib/security/pam_radius_auth.so + + And you're set. + + Note that password change requests will NOT work for RADIUS users +using challenge-response authentication. + +---------------------------------------------------------------------- + + If you're familiar with PAM, configuring RADIUS authentication for +other applications should be straightforward. + + Note that you should be *very* careful when configuring users who +use RADIUS challenge-response. They should *not* have a Unix password +defined, or the challenge-response token card may become meaningless. + + Users who have have a RADIUS challenge-response configuration must +enter an initial password, unless 'skip_passwd' (see below) is +defined. The password they enter may not be blank or empty. + +---------------------------------------------------------------------- + + You will need a server configuration file. An example is given in +the file pam_radius_auth.conf. You will need to copy this file to +/etc/raddb/server. The file MUST be secure! i.e. + +chown root /etc/raddb +chmod go-rwx /etc/raddb +chmod go-rwx /etc/raddb/server + + See 'USAGE' for details of the configuration file. + +---------------------------------------------------------------------- -- cgit v1.2.3