summaryrefslogtreecommitdiff
path: root/src/pam-configs/radius
AgeCommit message (Collapse)Author
2023-11-20RADIUS: T5577: Added `mandatory` and `optional` modes for RADIUSzsdc
In CLI we can choose authentication logic: - `mandatory` - if RADIUS answered with `Access-Reject`, authentication must be stopped and access denied immediately. - `optional` (default) - if RADIUS answers with `Access-Reject`, authentication continues using the next module. In `mandatory` mode authentication will be stopped only if RADIUS clearly answered that access should be denied (no user in RADIUS database, wrong password, etc.). If RADIUS is not available or other errors happen, it will be skipped and authentication will continue with the next module, like in `optional` mode.
2023-09-08T5554: Disable sudo for PAM RADIUSViacheslav Hletenko
Disable sudo for PAM RADIUS template that slows down the CLI commands To fix it add: session [default=ignore success=2] pam_succeed_if.so service = sudo (cherry picked from commit 01b30eb6d83cdb2ae43b956d29ac7ac1d4445776)
2023-06-21tacacs: T141: create new UNIX group for aaaChristian Breunig
2021-05-02radius: T3510: authenticated users must use /sbin/radius_shell as shellChristian Poessinger
2020-03-01login: radius: T2089: only query servers when uid matches ...Christian Poessinger
Do not query RADIUS servers when commit is running started from a non RADIUS user (localuser, root). This should reduce the overall system boot time.
2020-02-09radius: T2022: support both local and radius login at the same timeChristian Poessinger
2020-02-05radius: T1948: supply PAM configuration templateChristian Poessinger