vyos-1x.git/src/pam-configs/radius, branch current-merge-commit-handling

vyos-1x.git/src/pam-configs/radius, branch current-merge-commit-handling VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) https://git.amelek.net/vyos/vyos-1x.git/atom?h=current-merge-commit-handling 2023-09-13T17:41:43+00:00 RADIUS: T5577: Added `mandatory` and `optional` modes for RADIUS 2023-09-13T17:41:43+00:00 zsdc taras@vyos.io 2023-09-13T09:41:04+00:00 urn:sha1:5181ab60bb6d936505967d6667adc12c5ecb9b64 In CLI we can choose authentication logic: - `mandatory` - if RADIUS answered with `Access-Reject`, authentication must be stopped and access denied immediately. - `optional` (default) - if RADIUS answers with `Access-Reject`, authentication continues using the next module. In `mandatory` mode authentication will be stopped only if RADIUS clearly answered that access should be denied (no user in RADIUS database, wrong password, etc.). If RADIUS is not available or other errors happen, it will be skipped and authentication will continue with the next module, like in `optional` mode. T5554: Disable sudo for PAM RADIUS 2023-09-08T12:24:16+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2023-09-07T17:18:53+00:00 urn:sha1:01b30eb6d83cdb2ae43b956d29ac7ac1d4445776 Disable sudo for PAM RADIUS template that slows down the CLI commands To fix it add: session [default=ignore success=2] pam_succeed_if.so service = sudo tacacs: T141: create new UNIX group for aaa 2023-06-21T21:17:27+00:00 Christian Breunig christian@breunig.cc 2023-06-21T20:08:16+00:00 urn:sha1:edc753ad22c03a7e96c6e2323cd551f50588d686 radius: T3510: authenticated users must use /sbin/radius_shell as shell 2021-05-02T15:13:40+00:00 Christian Poessinger christian@poessinger.com 2021-05-02T13:53:32+00:00 urn:sha1:0e5a90ad70edbcc6334f1737a6855d02f8ffd130 login: radius: T2089: only query servers when uid matches ... 2020-03-01T19:03:45+00:00 Christian Poessinger christian@poessinger.com 2020-03-01T19:03:45+00:00 urn:sha1:fb3eba1d4623e63323c439682e2c7cc2dcb949e1 Do not query RADIUS servers when commit is running started from a non RADIUS user (localuser, root). This should reduce the overall system boot time. radius: T2022: support both local and radius login at the same time 2020-02-09T14:14:34+00:00 Christian Poessinger christian@poessinger.com 2020-02-09T14:14:34+00:00 urn:sha1:e76325e6902b9a857b9e544accd5b020439aa8e7 radius: T1948: supply PAM configuration template 2020-02-05T18:35:32+00:00 Christian Poessinger christian@poessinger.com 2020-02-05T18:33:18+00:00 urn:sha1:74329734d3c465675ec3650cb2b8d1cbe8ec0885