FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 03-02-2012, 01:09 PM
 
Default pam and radius config problem

Hi,

I am trying to configure ssh/pam to use freeradius as one of the authentication
sources on a C6 box.

I have freeradius running on a separate box with 2 factor authentication.
Using the radtest utility, I can successfully authenticate. My problem is that
I do not understand how to configure pam to use radius as an auth source and
be sure I am not opening a security hole in my systems.

While googling, I have found several howto's that talk about how to do this
using the pam_radius utility but the examples do not match what is found in
/etc/pam.d/sshd.

What I would like to accomplish is the following:

1. Allow logins using ssh keys.

2. If that fails, Allow login via radius.

3. if not on the local network disallow login via a regular user name and passwd.

I think 3 might be able to be accomplished via a match statement in sshd.conf but
I am not sure.

Does anyone know how to do this in a secure way?

If I start modifying the pam.d configuration files, how can I be sure I am not
opening up a security hole?

Regards,

--
Tom me@tdiehl.org Spamtrap address me123@tdiehl.org
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 01:03 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org