bin/169670: [pam] template_user is broken in pam_radius

[Brett E. Wynkoop]

>Number:         169670
>Category:       bin
>Synopsis:       [pam] template_user is broken in pam_radius
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 05 23:40:00 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Brett E. Wynkoop
>Release:        FreeBSD 7.3-STABLE i386 Through  9.0-RELEASE
>Organization:
>Environment:
System: FreeBSD dt0.int.harapartners.com 9.0-RELEASE FreeBSD 9.0-RELEASE #1: Wed Apr 11 11:50:56 EDT 2012     root at dt0.int.harapartners.com:/sys/amd64/compile/DT0-DUAL-VIDEO  amd64


	
>Description:
	Use of the template user causes pam_radius to always reture 
authentication failure.  Auth has been tested using radtest and radlogin from
the same host that pam_radius is failing on.  

>How-To-Repeat:
        configure pam_radius for use with a template user then attempt to log in
as a user not on the local system, but with good radius credentials.

        You should also look at pr-66095.  It seems that pr was closed without
any fix, but it gives very good full details of the issue.  I have tested on
FreeBSD 7.x and FreeBSD 9.0 with the same results.  Not having working a working
FreeBSD radius client configuration is very painful for large sites that have
radius servers!

>Fix:

     No Idea.


>Release-Note:
>Audit-Trail:
>Unformatted: