ftpd and PAM
Adil Katchi
AdilK at sandvine.com
Thu Oct 16 10:26:14 PDT 2003
Hi,
I was just wondering if you'd be able to help me out. I'm trying to get
login, ftpd and ssh to authenticate using PAM/RADIUS. I have set up a RADIUS
server (FreeRADIUS 0.9.0) and added a user/pass testuser/testpass. On my
client machine, I created a template user called templateUser. The reason
for this is so that when a new user needs to be added, it only needs to be
added on the RADIUS server. When the client machine comes across a user
that does not exist in its password database, it defaults to the user
templateUser for "account" purposes. I edited the pam.conf file on the
client machine so that it uses pam_radius.so when authenticating
login/ftpd/sshd.
The idea is that I should be able to log in using testuser/testpass onto my
client machine even though testuser does not exist on that machine, but does
exist on the RADIUS server. I am able to do this successfully when I use
login, but ftpd and sshd fail. I debugged the RADIUS server and it does not
get a request from the client when I use ftpd or sshd with the user
testuser. However, if I use the user templateUser, the RADIUS server does
get the request, but obviously rejects the user because it is not a valid
user on the RADIUS server. So, I concluded that the ftpd and sshd programs
do not forward their requests to the RADIUS server when they can't find the
user on their local machines. Is there a way to get around this?
Thanks,
Adil