1 **********************************************************************
2 Redhat Linux 4.2 (PAM 0.54)
3 **********************************************************************
7 Copy 'pam_radius_auth.so' to /lib/security/pam_radius_auth.so
9 In /etc/pam.conf, add the line:
11 login auth sufficient /lib/security/pam_radius_auth.so
15 login auth required /lib/security/pam_securetty.so
19 login auth required /lib/security/pam_unix_auth.so
23 login auth required /lib/security/pam_securetty.so
24 login auth sufficient /lib/security/pam_radius_auth.so
25 login auth required /lib/security/pam_unix_auth.so
28 **********************************************************************
30 **********************************************************************
34 Copy 'pam_radius_auth.so' to /lib/security/pam_radius_auth.so
36 In the per-application configuration (/etc/pam.d/application) add:
38 auth sufficient /lib/security/pam_radius_auth.so
42 auth required /lib/security/pam_securetty.so
46 auth required /lib/security/pam_unix_auth.so
50 auth required /lib/security/pam_securetty.so
51 auth sufficient /lib/security/pam_radius_auth.so
52 auth required /lib/security/pam_unix_auth.so
55 **********************************************************************
57 **********************************************************************
61 Copy 'pam_radius_auth.so' to /usr/lib/security/pam_radius_auth.so.1
63 in /etc/pam.conf, add the line:
65 login auth sufficient /usr/lib/security/pam_radius_auth.so.1
69 login auth required /usr/lib/security/pam_unix_auth.so.1
71 You will probably also have to add the lines:
73 telnet auth sufficient /usr/lib/security/pam_radius_auth.so.1
74 telnet auth required /usr/lib/security/pam_unix.so.1
76 in order to perform network logins.
78 ----------------------------------------------------------------------
80 Password change requests are pretty much the same. Add a line like:
82 passwd password sufficient /lib/security/pam_radius_auth.so
86 Note that password change requests will NOT work for RADIUS users
87 using challenge-response authentication.
89 ----------------------------------------------------------------------
91 If you're familiar with PAM, configuring RADIUS authentication for
92 other applications should be straightforward.
94 Note that you should be *very* careful when configuring users who
95 use RADIUS challenge-response. They should *not* have a Unix password
96 defined, or the challenge-response token card may become meaningless.
98 Users who have have a RADIUS challenge-response configuration must
99 enter an initial password, unless 'skip_passwd' (see below) is
100 defined. The password they enter may not be blank or empty.
102 ----------------------------------------------------------------------
104 You will need a server configuration file. An example is given in
105 the file pam_radius_auth.conf. You will need to copy this file to
106 /etc/raddb/server. The file MUST be secure! i.e.
108 chown root /etc/raddb
109 chmod go-rwx /etc/raddb
110 chmod go-rwx /etc/raddb/server
112 See 'USAGE' for details of the configuration file.
114 ----------------------------------------------------------------------