summaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
authorzsdc <taras@vyos.io>2023-09-13 12:41:04 +0300
committerzsdc <taras@vyos.io>2023-11-20 18:44:31 +0200
commit2a023b878471500bd78962ca94d9174a328ce5c9 (patch)
tree2d3ccd8d77cb6410d943395b72a963f07a0c5e70 /debian
parent9cf2f2c8019b0d0279d6af942a08b6bd829daa16 (diff)
downloadvyos-1x-2a023b878471500bd78962ca94d9174a328ce5c9.tar.gz
vyos-1x-2a023b878471500bd78962ca94d9174a328ce5c9.zip
RADIUS: T5577: Added `mandatory` and `optional` modes for RADIUS
In CLI we can choose authentication logic: - `mandatory` - if RADIUS answered with `Access-Reject`, authentication must be stopped and access denied immediately. - `optional` (default) - if RADIUS answers with `Access-Reject`, authentication continues using the next module. In `mandatory` mode authentication will be stopped only if RADIUS clearly answered that access should be denied (no user in RADIUS database, wrong password, etc.). If RADIUS is not available or other errors happen, it will be skipped and authentication will continue with the next module, like in `optional` mode.
Diffstat (limited to 'debian')
-rw-r--r--debian/vyos-1x.postinst2
-rw-r--r--debian/vyos-1x.preinst1
2 files changed, 0 insertions, 3 deletions
diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst
index e70db93b5..837fcf995 100644
--- a/debian/vyos-1x.postinst
+++ b/debian/vyos-1x.postinst
@@ -91,7 +91,6 @@ if ! grep -q '^radius_user' /etc/passwd; then
adduser --quiet radius_user adm
adduser --quiet radius_user dip
adduser --quiet radius_user users
- adduser --quiet radius_user aaa
fi
# Add RADIUS admin user for RADIUS authenticated users to map to
@@ -107,7 +106,6 @@ if ! grep -q '^radius_priv_user' /etc/passwd; then
adduser --quiet radius_priv_user disk
adduser --quiet radius_priv_user users
adduser --quiet radius_priv_user frr
- adduser --quiet radius_priv_user aaa
fi
# add hostsd group for vyos-hostsd
diff --git a/debian/vyos-1x.preinst b/debian/vyos-1x.preinst
index 12866cd55..df99661b1 100644
--- a/debian/vyos-1x.preinst
+++ b/debian/vyos-1x.preinst
@@ -2,7 +2,6 @@ dpkg-divert --package vyos-1x --add --no-rename /etc/securetty
dpkg-divert --package vyos-1x --add --no-rename /etc/security/capability.conf
dpkg-divert --package vyos-1x --add --no-rename /lib/systemd/system/lcdproc.service
dpkg-divert --package vyos-1x --add --no-rename /etc/logrotate.d/conntrackd
-dpkg-divert --package vyos-1x --add --no-rename /usr/share/pam-configs/radius
dpkg-divert --package vyos-1x --add --no-rename /usr/share/pam-configs/tacplus
dpkg-divert --package vyos-1x --add --no-rename /etc/rsyslog.conf
dpkg-divert --package vyos-1x --add --no-rename /etc/skel/.bashrc