Merge pull request #2220 from sever-sever/T5554

T5554: Disable sudo for PAM RADIUS
author: Christian Breunig <christian@breunig.cc> 2023-09-08 17:36:00 +0200
committer: GitHub <noreply@github.com> 2023-09-08 17:36:00 +0200
commit: 28ccebeac2ee4390d7c109a8a2da6b24769ab113 (patch)
tree: 96f05a2636fc8f1831a8adf3f7d4cd1236612b6e /src
parent: 8d3b9b6729ac906d0bbec0ce8ab2c0a21a2343fc (diff)
parent: 01b30eb6d83cdb2ae43b956d29ac7ac1d4445776 (diff)
download: vyos-1x-28ccebeac2ee4390d7c109a8a2da6b24769ab113.tar.gz
vyos-1x-28ccebeac2ee4390d7c109a8a2da6b24769ab113.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/src/pam-configs/radius b/src/pam-configs/radius
index 08247f77c..eee9cb93e 100644
--- a/src/pam-configs/radius
+++ b/src/pam-configs/radius
@@ -3,15 +3,18 @@ Default: no
 Priority: 257
 Auth-Type: Primary
 Auth:
+    [default=ignore success=2] pam_succeed_if.so service = sudo
     [default=ignore success=ignore] pam_succeed_if.so user ingroup aaa quiet
     [authinfo_unavail=ignore success=end default=ignore] pam_radius_auth.so
 
 Account-Type: Primary
 Account:
+    [default=ignore success=2] pam_succeed_if.so service = sudo
     [default=ignore success=ignore] pam_succeed_if.so user ingroup aaa quiet
     [authinfo_unavail=ignore success=end perm_denied=bad default=ignore] pam_radius_auth.so
 
 Session-Type: Additional
 Session:
+    [default=ignore success=2] pam_succeed_if.so service = sudo
     [default=ignore success=ignore] pam_succeed_if.so user ingroup aaa quiet
     [authinfo_unavail=ignore success=ok default=ignore] pam_radius_auth.so
author	Christian Breunig <christian@breunig.cc>	2023-09-08 17:36:00 +0200
committer	GitHub <noreply@github.com>	2023-09-08 17:36:00 +0200
commit	28ccebeac2ee4390d7c109a8a2da6b24769ab113 (patch)
tree	96f05a2636fc8f1831a8adf3f7d4cd1236612b6e /src
parent	8d3b9b6729ac906d0bbec0ce8ab2c0a21a2343fc (diff)
parent	01b30eb6d83cdb2ae43b956d29ac7ac1d4445776 (diff)
download	vyos-1x-28ccebeac2ee4390d7c109a8a2da6b24769ab113.tar.gz vyos-1x-28ccebeac2ee4390d7c109a8a2da6b24769ab113.zip