summaryrefslogtreecommitdiff
path: root/lib/Vyatta/Login/RadiusServer.pm
diff options
context:
space:
mode:
authorStephen Hemminger <stephen.hemminger@vyatta.com>2009-10-27 16:33:53 -0700
committerStephen Hemminger <stephen.hemminger@vyatta.com>2009-10-27 18:52:28 -0700
commitc59ee6a1997c03729af1b677a07d786bc44f5e9f (patch)
treef050ab01d63dbaf6a88f6595b6d4b84bb26bf735 /lib/Vyatta/Login/RadiusServer.pm
parent5d2999ffb3a93966091c095cc85446ec62834c0f (diff)
downloadvyatta-cfg-system-c59ee6a1997c03729af1b677a07d786bc44f5e9f.tar.gz
vyatta-cfg-system-c59ee6a1997c03729af1b677a07d786bc44f5e9f.zip
Use pam-auth-update to configure radius
This keeps radius from fighting with tacacs+
Diffstat (limited to 'lib/Vyatta/Login/RadiusServer.pm')
-rw-r--r--lib/Vyatta/Login/RadiusServer.pm33
1 files changed, 2 insertions, 31 deletions
diff --git a/lib/Vyatta/Login/RadiusServer.pm b/lib/Vyatta/Login/RadiusServer.pm
index 2dadd2bb..820f6da2 100644
--- a/lib/Vyatta/Login/RadiusServer.pm
+++ b/lib/Vyatta/Login/RadiusServer.pm
@@ -27,41 +27,12 @@ my $PAM_RAD_TMP = "/tmp/pam_radius_auth.$$";
my $PAM_RAD_BEGIN = '# BEGIN Vyatta Radius servers';
my $PAM_RAD_END = '# END Vyatta Radius servers';
-sub is_pam_radius_present {
- open( my $auth, '<', '/etc/pam.d/common-auth' )
- or die "Cannot open /etc/pam.d/common-auth\n";
- my $present = grep { /\ssufficient\spam_radius_auth\.so$/ } <$auth>;
- close $auth;
- return $present;
-}
-
sub remove_pam_radius {
- return 1 if ( !is_pam_radius_present() );
- my $cmd =
- 'sudo sh -c "'
- . 'sed -i \'/\tsufficient\tpam_radius_auth\.so$/d;'
- . '/\tpam_unix\.so /{s/ use_first_pass$//}\' '
- . '/etc/pam.d/common-auth && '
- . 'sed -i \'/\tsufficient\tpam_radius_auth\.so$/d\' '
- . '/etc/pam.d/common-account"';
- system($cmd);
- return 0 if ( $? >> 8 );
- return 1;
+ return system('sudo pam-auth-update --package --remove radius') == 0;
}
sub add_pam_radius {
- return 1 if ( is_pam_radius_present() );
- my $cmd =
- 'sudo sh -c "'
- . 'sed -i \'s/^\(auth\trequired\tpam_unix\.so.*\)$'
- . '/auth\tsufficient\tpam_radius_auth.so\n\1 use_first_pass/\' '
- . '/etc/pam.d/common-auth && '
- . 'sed -i \'s/^\(account\trequired\tpam_unix\.so.*\)$'
- . '/account\tsufficient\tpam_radius_auth.so\n\1/\' '
- . '/etc/pam.d/common-account"';
- system($cmd);
- return 0 if ( $? >> 8 );
- return 1;
+ return system('sudo pam-auth-update --package --add radius') == 0;
}
sub update {