ftpd and PAM

Adil Katchi AdilK at sandvine.com
Thu Oct 16 10:26:14 PDT 2003


Hi,

I was just wondering if you'd be able to help me out. I'm trying to get
login, ftpd and ssh to authenticate using PAM/RADIUS.  I have set up a RADIUS
server (FreeRADIUS 0.9.0) and added a user/pass testuser/testpass.  On my
client machine, I created a template user called templateUser.  The reason
for this is so that when a new user needs to be added, it only needs to be
added on the RADIUS server.  When the client machine comes across a user
that does not exist in its password database, it defaults to the user
templateUser for "account" purposes.  I edited the pam.conf file on the
client machine so that it uses pam_radius.so when authenticating
login/ftpd/sshd.

The idea is that I should be able to log in using testuser/testpass onto my
client machine even though testuser does not exist on that machine, but does
exist on the RADIUS server.  I am able to do this successfully when I use
login, but ftpd and sshd fail.  I debugged the RADIUS server and it does not
get a request from the client when I use ftpd or sshd with the user
testuser.  However, if I use the user templateUser, the RADIUS server does
get the request, but obviously rejects the user because it is not a valid
user on the RADIUS server.  So, I concluded that the ftpd and sshd programs
do not forward their requests to the RADIUS server when they can't find the
user on their local machines.  Is there a way to get around this?

Thanks,

Adil



More information about the freebsd-hackers mailing list