.TH pam_radius_auth 5 .\" Copyright 2017 Cumulus Networks, Inc. All rights reserved. .SH NAME pam_radius_auth.conf \- RADIUS client configuration file .SH SYNOPSIS .B /etc/pam_radius_auth.conf is the RADIUS client configuration file for the PAM RADIUS client plugin. It contains the information on how to reach the RADIUS server(s), and because it contains the shared secret key, should be mode 600 and owned by root. .SH DESCRIPTION Other PAM-specific options are described in the .BR pam_radius_auth (8) manpage, and must be added to the PAM configuration files. .PP By default, all components source this file, enabling a single point of configuration for the TACACS server(s), debug settings, etc. .PP Not all keywords use all fields. .TP .I debug Output PAM and RADIUS communication debugging information via syslog(3). .TP .I server[:port] secret [timeout] [src_ip] the port name or number is optional. The default ports are not part of the code base, and are retrieved from .IR /etc/services . The ports used are .BR " radius " for authentication and .BR " radacct " for accounting. .P The timeout field is optional. The default timeout is 3 seconds. .IP For IPv6 literal addresses, the address has to be surrounded by square brackets as usual. E.g. [2001:0db8:85a3::4]. .IP If multiple RADIUS server lines exist, they are tried in order. The first server to return success or failure causes the module to return success or failure. Only if a server fails to response is it skipped, and the next server in turn is used. .IP The optional timeout field controls how many seconds the module waits before deciding that the server has failed to respond. It currently must be less than 60. .IP The optional src_ip may be used to configure the source IP address used in the RADIUS packets to the server. The timeout field must be set if setting the src_ip is desired .TP .I vrf-name VRFNAME If the management network is in a VRF, set this variable to the VRF name. This would usually be "mgmt". This is not normally needed with PAM. .SH "SEE ALSO" .BR pam_radius_auth (8), .BR nss_mapuser (5) .SH FILES .I /etc/pam_radius_auth.conf - RADIUS client configuration parameters .SH AUTHOR Dave Olson