From c59ee6a1997c03729af1b677a07d786bc44f5e9f Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen.hemminger@vyatta.com>
Date: Tue, 27 Oct 2009 16:33:53 -0700
Subject: Use pam-auth-update to configure radius

This keeps radius from fighting with tacacs+
---
 sysconf/pam-radius | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 sysconf/pam-radius

(limited to 'sysconf')

diff --git a/sysconf/pam-radius b/sysconf/pam-radius
new file mode 100644
index 00000000..455bcd9c
--- /dev/null
+++ b/sysconf/pam-radius
@@ -0,0 +1,10 @@
+Name: Radius authentication
+Default: no
+Priority: 512
+Auth-Type: Primary
+Auth:
+	[success=end default=ignore]	pam_radius_auth.so try_first_pass
+Account-Type: Primary
+Account:
+	[success=end new_authtok_reqd=done default=ignore]	pam_radius_auth.so try_first_pass
+	
-- 
cgit v1.2.3


From c8a022df6f376907fba22e3e2a319ed663aff081 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen.hemminger@vyatta.com>
Date: Thu, 29 Oct 2009 14:51:07 -0700
Subject: radius client: try first password only if not first

---
 sysconf/pam-radius | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'sysconf')

diff --git a/sysconf/pam-radius b/sysconf/pam-radius
index 455bcd9c..0409dd44 100644
--- a/sysconf/pam-radius
+++ b/sysconf/pam-radius
@@ -4,6 +4,8 @@ Priority: 512
 Auth-Type: Primary
 Auth:
 	[success=end default=ignore]	pam_radius_auth.so try_first_pass
+Auth-Initial:
+	[success=end default=ignore]	pam_radius_auth.so
 Account-Type: Primary
 Account:
 	[success=end new_authtok_reqd=done default=ignore]	pam_radius_auth.so try_first_pass
-- 
cgit v1.2.3