From 01b30eb6d83cdb2ae43b956d29ac7ac1d4445776 Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko <v.gletenko@vyos.io>
Date: Thu, 7 Sep 2023 17:18:53 +0000
Subject: T5554: Disable sudo for PAM RADIUS

Disable the PAM RADIUS template for sudo, as it slows down the CLI commands.
To fix it, add:

session [default=ignore success=2] pam_succeed_if.so service = sudo
---
 src/pam-configs/radius | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src')

diff --git a/src/pam-configs/radius b/src/pam-configs/radius
index 08247f77c..eee9cb93e 100644
--- a/src/pam-configs/radius
+++ b/src/pam-configs/radius
@@ -3,15 +3,18 @@ Default: no
 Priority: 257
 Auth-Type: Primary
 Auth:
+    [default=ignore success=2] pam_succeed_if.so service = sudo
     [default=ignore success=ignore] pam_succeed_if.so user ingroup aaa quiet
     [authinfo_unavail=ignore success=end default=ignore] pam_radius_auth.so
 
 Account-Type: Primary
 Account:
+    [default=ignore success=2] pam_succeed_if.so service = sudo
     [default=ignore success=ignore] pam_succeed_if.so user ingroup aaa quiet
     [authinfo_unavail=ignore success=end perm_denied=bad default=ignore] pam_radius_auth.so
 
 Session-Type: Additional
 Session:
+    [default=ignore success=2] pam_succeed_if.so service = sudo
     [default=ignore success=ignore] pam_succeed_if.so user ingroup aaa quiet
     [authinfo_unavail=ignore success=ok default=ignore] pam_radius_auth.so
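Review bot: The skip added to the Account stack also bypasses the `perm_denied=bad` result of pam_radius_auth.so for sudo, so whatever account check the RADIUS module performs no longer applies there; the commit message names only `session`, so it is worth confirming that the Auth and Account skips are intended. `success=2` is positional and relies on exactly two RADIUS-related lines following it in each stack, so a line inserted between them later would silently shift what gets skipped. Unlike the `ingroup aaa` line below them, the new lines omit `quiet`, so pam_succeed_if will log the unmet `service = sudo` requirement for every non-sudo PAM transaction; `[default=ignore success=2] pam_succeed_if.so service = sudo quiet` keeps the auth log readable. The match is exact, so a separate PAM service name such as `sudo-i`, if the image ships one, would still go through RADIUS.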
-- 
cgit v1.2.3