Mordechai T. Abzug wrote: > On Tue, Jun 08, 2004 at 09:20:36AM -0400, Asif Iqbal wrote: > > Hi All > > > > I am using pam_radius in Solaris 8 to allow my users login with their > > radius accounts. However I would like *only* the root account to be able > > to login with local unix account. > > Well, what is radius authenticating against? You should be able to > allow root to authenticate against system in your users file. > > - Morty
I have the radius client, Solaris 8, setup like this on /etc/pam.conf login auth required /usr/lib/security/pam_radius_auth.so.1 sshd auth required /usr/lib/security/pam_radius_auth.so.1 So when user logs in, he/she gets authenticated against the remote radius server which is declared in my /etc/raddb/server file However, when root tries to login it fails since I don't have (and I dont want to) a radius account for my root Now how do I make sure my users are not allowed to login with local systems account but just radius account (on remote server) while only root can login with local account? Sorry for such a long question. Thanks for your help -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu There's no place like 127.0.0.1 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
