diff options
author | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2009-10-27 16:33:53 -0700 |
---|---|---|
committer | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2009-10-27 18:52:28 -0700 |
commit | c59ee6a1997c03729af1b677a07d786bc44f5e9f (patch) | |
tree | f050ab01d63dbaf6a88f6595b6d4b84bb26bf735 /lib/Vyatta/Login | |
parent | 5d2999ffb3a93966091c095cc85446ec62834c0f (diff) | |
download | vyatta-cfg-system-c59ee6a1997c03729af1b677a07d786bc44f5e9f.tar.gz vyatta-cfg-system-c59ee6a1997c03729af1b677a07d786bc44f5e9f.zip |
Use pam-auth-update to configure radius
This keeps radius from fighting with tacacs+
Diffstat (limited to 'lib/Vyatta/Login')
-rw-r--r-- | lib/Vyatta/Login/RadiusServer.pm | 33 |
1 files changed, 2 insertions, 31 deletions
diff --git a/lib/Vyatta/Login/RadiusServer.pm b/lib/Vyatta/Login/RadiusServer.pm index 2dadd2bb..820f6da2 100644 --- a/lib/Vyatta/Login/RadiusServer.pm +++ b/lib/Vyatta/Login/RadiusServer.pm @@ -27,41 +27,12 @@ my $PAM_RAD_TMP = "/tmp/pam_radius_auth.$$"; my $PAM_RAD_BEGIN = '# BEGIN Vyatta Radius servers'; my $PAM_RAD_END = '# END Vyatta Radius servers'; -sub is_pam_radius_present { - open( my $auth, '<', '/etc/pam.d/common-auth' ) - or die "Cannot open /etc/pam.d/common-auth\n"; - my $present = grep { /\ssufficient\spam_radius_auth\.so$/ } <$auth>; - close $auth; - return $present; -} - sub remove_pam_radius { - return 1 if ( !is_pam_radius_present() ); - my $cmd = - 'sudo sh -c "' - . 'sed -i \'/\tsufficient\tpam_radius_auth\.so$/d;' - . '/\tpam_unix\.so /{s/ use_first_pass$//}\' ' - . '/etc/pam.d/common-auth && ' - . 'sed -i \'/\tsufficient\tpam_radius_auth\.so$/d\' ' - . '/etc/pam.d/common-account"'; - system($cmd); - return 0 if ( $? >> 8 ); - return 1; + return system('sudo pam-auth-update --package --remove radius') == 0; } sub add_pam_radius { - return 1 if ( is_pam_radius_present() ); - my $cmd = - 'sudo sh -c "' - . 'sed -i \'s/^\(auth\trequired\tpam_unix\.so.*\)$' - . '/auth\tsufficient\tpam_radius_auth.so\n\1 use_first_pass/\' ' - . '/etc/pam.d/common-auth && ' - . 'sed -i \'s/^\(account\trequired\tpam_unix\.so.*\)$' - . '/account\tsufficient\tpam_radius_auth.so\n\1/\' ' - . '/etc/pam.d/common-account"'; - system($cmd); - return 0 if ( $? >> 8 ); - return 1; + return system('sudo pam-auth-update --package --add radius') == 0; } sub update { |