bin/169670: [pam] template_user is broken in pam_radius
Brett E. Wynkoop
wynkoop at wa3yre.wynn.com
Thu Jul 5 23:40:01 UTC 2012
>Number: 169670
>Category: bin
>Synopsis: [pam] template_user is broken in pam_radius
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Jul 05 23:40:00 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Brett E. Wynkoop
>Release: FreeBSD 7.3-STABLE i386 Through 9.0-RELEASE
>Organization:
>Environment:
System: FreeBSD dt0.int.harapartners.com 9.0-RELEASE FreeBSD 9.0-RELEASE #1: Wed Apr 11 11:50:56 EDT 2012 root at dt0.int.harapartners.com:/sys/amd64/compile/DT0-DUAL-VIDEO amd64
>Description:
Use of the template user causes pam_radius to always reture
authentication failure. Auth has been tested using radtest and radlogin from
the same host that pam_radius is failing on.
>How-To-Repeat:
configure pam_radius for use with a template user then attempt to log in
as a user not on the local system, but with good radius credentials.
You should also look at pr-66095. It seems that pr was closed without
any fix, but it gives very good full details of the issue. I have tested on
FreeBSD 7.x and FreeBSD 9.0 with the same results. Not having working a working
FreeBSD radius client configuration is very painful for large sites that have
radius servers!
>Fix:
No Idea.
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list