On Thu, Jun 10, 2004 at 02:12:52AM -0400, Asif Iqbal wrote:

> I have the radius client, Solaris 8, set up like this in /etc/pam.conf
> 
> login auth required /usr/lib/security/pam_radius_auth.so.1
> sshd auth required /usr/lib/security/pam_radius_auth.so.1
> 
> So when a user logs in, he/she gets authenticated against the remote radius
> server which is declared in my /etc/raddb/server file
> 
> However, when root tries to login it fails since I don't have (and I
> don't want to) a radius account for my root
> 
> Now how do I make sure my users are not allowed to login with local
> systems account but just radius account (on remote server) while only
> root can login with local account? 

Make pam_unix sufficient.  Make sure your users cannot set their
passwords; say, chmod u-s /bin/passwd.  Make sure that no users have
passwords set except root.

- Morty

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
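
An added example, not part of the original post or of any project's own code: shell helpers that check the two conditions the reply above depends on. A `sufficient` module only ends the stack with success when no earlier `required` module has failed, so the pam_unix line has to come before pam_radius_auth, and any non-root account with a usable local password would bypass RADIUS. The sample shadow and pam.conf data are constructed; the `pam_unix.so.1` path and the list of "no password" markers are assumptions.

```shell
#!/bin/sh
# Added example: audit helpers for the setup described in the reply above.

# Print non-root accounts in shadow(4)-format input (stdin) whose password
# field would let pam_unix succeed: an empty field or a password hash.
# Assumption: "NP" and any field starting with "*" (e.g. "*LK*") or "!"
# mean "no usable local password".
local_password_accounts() {
    awk -F: '
        $1 == "root" || $1 == "" { next }
        $2 == "NP" || $2 ~ /^[*!]/ { next }
        { print $1 }
    '
}

# Succeed only if, for SERVICE in pam.conf-format input (stdin), a
# "sufficient" pam_unix auth line comes before the pam_radius_auth line.
unix_before_radius() {
    awk -v svc="$1" '
        /^[ \t]*#/ || NF < 4 { next }
        $1 != svc || $2 != "auth" { next }
        $4 ~ /pam_unix/ && $3 == "sufficient" && !radius { unix = 1 }
        $4 ~ /pam_radius_auth/ { radius = 1 }
        END { exit !(unix && radius) }
    '
}

# Constructed sample data (not from the original post).
SAMPLE_SHADOW='root:aaHASHaaaaaaa:12579::::::
daemon:NP:6445::::::
alice:*LK*:12579::::::
bob:bbHASHbbbbbbb:12579::::::
carol::12579::::::'

SAMPLE_PAM='# constructed pam.conf fragment
login auth sufficient /usr/lib/security/pam_unix.so.1
login auth required /usr/lib/security/pam_radius_auth.so.1
sshd auth required /usr/lib/security/pam_radius_auth.so.1
sshd auth sufficient /usr/lib/security/pam_unix.so.1'

# bob has a hash and carol has an empty field, so both are reported.
printf '%s\n' "$SAMPLE_SHADOW" | local_password_accounts
printf '%s\n' "$SAMPLE_PAM" | unix_before_radius login && echo "login: ok"
printf '%s\n' "$SAMPLE_PAM" | unix_before_radius sshd  || echo "sshd: wrong order"
```

On a real host, feed the functions `/etc/shadow` and `/etc/pam.conf` as root instead of the sample variables.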
