Hi,
   I got the radius authentication working using SecurID by configuring a
radius entry in the /etc/pam.conf or modifying /etc/pam.d/radiusd to use the
SecurID_PAM lib. So to all who wonder if it works, yes it does, and under
Linux it's a beauty (BTW, users need an entry in the password file so we can
look up the account validity, but passwords need not be known to users if
they don't need to log on to the server, as the PAM_SecurID authentication can be
set for all shell access but root).

The problem is that under Solaris 9 64-bit, the program exits as soon as I
do a radtest. This problem seems to be associated with the "ps -efl" done in
the freeradius PAM module. When I rename /usr/bin/sparcv9/ps to
/usr/bin/sparcv9/ps.old, I do not have this problem but as you guessed "ps"
doesn't work for all users anymore.

Solaris /etc/pam.conf
radiusd auth    sufficient      pam_securid.so
radiusd account required        pam_unix_account.so.1

Linux /etc/pam.d/radiusd
#%PAM-1.0
auth       sufficient   /lib/security/pam_securid.so
#auth       required    pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
# (so that we can look up the account validity; maybe not needed, but it
# doesn't work without it)
#password   required    pam_stack.so service=system-auth
#session    required    pam_stack.so service=system-auth


Here are some debug logs:

  rad_check_password:  Found Auth-Type PAM
auth: type "PAM"
modcall: entering group authenticate for request 0
pam_pass: using pamauth string <radiusd> for pam.conf lookup
MASTER: Child PID 10191 failed to catch signal 9: killing all active servers.

Here is the "truss" output for the shell that was executing the daemon in debug
mode for the above log section:

10142:  kill(10168, SIGKILL)                            = 0
10142:  waitid(P_PID, 10168, 0xFFBFC128, WEXITED|WTRAPPED|WNOHANG) = 0
(MANY MANY OF THESE)
10142:  kill(10168, SIGKILL)                            = 0
10142:  waitid(P_PID, 10168, 0xFFBFC128, WEXITED|WTRAPPED|WNOHANG) = 0
10142:      Received signal #18, SIGCLD [caught]
10142:        siginfo: SIGCLD CLD_KILLED pid=10168 status=0x0009
10142:  sigprocmask(SIG_SETMASK, 0xFFBFBD2C, 0x00000000) = 0
10142:  waitid(P_PID, 10168, 0xFFBFC128, WEXITED|WTRAPPED|WNOHANG) = 0
10142:  kill(10168, SIGKILL)                            = 0
10142:  waitid(P_PID, 10168, 0xFFBFC128, WEXITED|WTRAPPED|WNOHANG) = 0
10142:      Received signal #18, SIGCLD [caught]
10142:        siginfo: SIGCLD CLD_KILLED pid=10168 status=0x0009
10142:  sigprocmask(SIG_SETMASK, 0xFFBFBD2C, 0x00000000) = 0
10142:  sigaction(SIGCLD, 0xFFBFBA68, 0xFFBFBB88)       = 0
10142:  waitid(P_ALL, 0, 0xFFBFBAF8, WEXITED|WTRAPPED|WNOHANG) = 0
10142:  time()                                          = 1080756574
10142:  write(1, " M A S T E R :   C h i l".., 79)      = 79
10142:  kill(-10142, SIGTERM)                           = 0
10142:      Received signal #15, SIGTERM [caught]
10142:  sigprocmask(SIG_SETMASK, 0xFFBFB83C, 0x00000000) = 0
10142:  sigprocmask(SIG_SETMASK, 0xFF01A074, 0xFFBFB5F0) = 0
10142:  lwp_unpark(1, 1)                                = 0
10142:  setcontext(0xFFBFB600)
10142:  _exit(1)

Well, if someone could help me resolve this issue (sorry, I don't code), I
could make a how-to doc for the freeradius.org website once this issue is
resolved.

Thanks 

Yan
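
A small summarizer for truss traces like the one in this message, added here as an example (not code from the original post or from FreeRADIUS): it counts the signals the traced process sent and received and decodes the SIGCLD siginfo line. The function name `summarize` and the embedded sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: a few lines in the same truss format as the trace above.
SAMPLE = """\
10142:  kill(10168, SIGKILL)                            = 0
10142:  waitid(P_PID, 10168, 0xFFBFC128, WEXITED|WTRAPPED|WNOHANG) = 0
10142:  kill(10168, SIGKILL)                            = 0
10142:      Received signal #18, SIGCLD [caught]
10142:        siginfo: SIGCLD CLD_KILLED pid=10168 status=0x0009
10142:  kill(-10142, SIGTERM)                           = 0
10142:      Received signal #15, SIGTERM [caught]
10142:  _exit(1)
"""

KILL = re.compile(r"^(\d+):\s+kill\((-?\d+), (SIG\w+)\)")
RECV = re.compile(r"^(\d+):\s+Received signal #(\d+), (SIG\w+)")
INFO = re.compile(r"siginfo: SIGCLD (CLD_\w+) pid=(\d+) status=(0x[0-9A-Fa-f]+)")
EXIT = re.compile(r"^(\d+):\s+_exit\((\d+)\)")

def summarize(trace):
    """Condense truss output into signals sent/received, child deaths and exits."""
    out = {"sent": Counter(), "received": Counter(), "children": [], "exits": {}}
    for line in trace.splitlines():
        if m := KILL.match(line):
            pid, target, sig = int(m[1]), int(m[2]), m[3]
            # A negative target addresses a whole process group, as in kill(2).
            kind = "pgrp" if target < 0 else "pid"
            out["sent"][(pid, kind, abs(target), sig)] += 1
        elif m := RECV.match(line):
            out["received"][(int(m[1]), m[3])] += 1
        elif m := INFO.search(line):
            # For CLD_KILLED, status holds the number of the terminating signal.
            child = (m[1], int(m[2]), int(m[3], 16))
            if child not in out["children"]:
                out["children"].append(child)
        elif m := EXIT.match(line):
            out["exits"][int(m[1])] = int(m[2])
    return out

if __name__ == "__main__":
    s = summarize(SAMPLE)
    for (pid, kind, target, sig), n in s["sent"].items():
        print(f"{pid} sent {sig} to {kind} {target} x{n}")
    for code, child, status in s["children"]:
        print(f"child {child}: {code}, status {status}")
    for pid, rc in s["exits"].items():
        print(f"{pid} exited with {rc}")
```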


