# pam_radius_auth configuration file.
#
# See 'man pam_radius_auth.conf pam_radius_auth'
#
# For proper security, this file SHOULD have permissions 0600,
# that is, readable (and writable) by root, and by NO ONE else. This file
# holds the RADIUS shared secrets: if anyone other than root can read it,
# then they can spoof responses from the server!
#
# There are 2-4 fields per line in this file. There may be multiple
# lines. Blank lines or lines beginning with '#' are treated as
# comments, and are ignored. The fields are:
#
# server[:port] secret [timeout] [src_ip]
#
# The port name or number is optional. The default port name is
# "radius", and is looked up from /etc/services. The timeout field is
# optional. The default timeout is 3 seconds.
#
# For IPv6 literal addresses, the address has to be surrounded by
# square brackets as usual. E.g. [2001:0db8:85a3::4].
#
# If multiple RADIUS server lines exist, they are tried in order. The
# first server to return success or failure causes the module to return
# success or failure. Only if a server fails to respond is it skipped,
# and the next server in turn is used.
#
# The optional timeout field controls how many seconds the module waits before
# deciding that the server has failed to respond. It currently must be
# less than 60.
#
# The optional src_ip may be used to configure the source IP address used
# in the RADIUS packets to the server. The timeout field must be set if
# src_ip is to be set.
#
# server[:port] shared_secret timeout (secs) src_ip
# 127.0.0.1 secret 1
# other-server other-secret 3 192.168.3.4
# [2001:0db8:85a3::4]:1812 other6-secret 1
#
# The vrf-name setting allows the radius client to work when a management
# VRF is in use. The syntax is "vrf-name" (keyword) followed by the VRF name,
# typically "mgmt". Since the keyword, as the comment in this file states,
# contains a character that is illegal in a hostname ('-'), it can't
# conflict with a valid hostname.
# vrf-name mgmt
#
# Uncomment to enable debugging, can be used instead of altering pam files
# debug