TechQA.

Authenticate Radius user using pam and ssh

3.1k views Asked by At

I am able to authenticate radius users using radius server+pam+ssh with creating local user with blank password in linux.

Is it possible to authenticate radius users without creating users in local machine with blank password?

/etc/pam.d/ssh file as below

#%PAM-1.0
auth    sufficient      pam_radius_auth.so debug
auth    sufficient      pam_unix.so use_first_pass
auth    required        pam_auth_status.so                
account sufficient      pam_unix.so 
account required        pam_auth_status.so    
session required        pam_unix.so
ssh radius pam freeradius
Original Q&A
2

There are 2 answers

1
soma sekhar On

You can authenticate the user without creating an entry for him in /etc/passwd and /etc/shadow files. But now , the user is not associated with any shell in '/etc/passwd' , so it can be of no use.

Do you want to launch a shell after authentication or you want the user just to be authenticated?

0
Jonathan On

I found two nss libraries that could help in this case:

The general process is that these will map unknown (but authenticated) user to a single user template. Each user will get his/her own /home folder though but both libs have in common that the user id will be the same.

These packages are mainly targeted at network devices where there is no ldap setup done. Cumulus describes the setup nicely.

I recommend reading https://serverfault.com/questions/538383/understand-pam-and-nss to understand what is happening there.

Related Questions in SSH

Related Questions in RADIUS

Related Questions in PAM

Related Questions in FREERADIUS

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions