I am looking to have SSH authenticate to a RADIUS server. I believe that PAM is supported for SSH authentication, so I planned on linking PAM to SSH (which I think is setup by default). From there, I want to tie PAM to RADIUS. I only want to use this authentication method for remote user access. So if I understand the process, it would look like this:
SSH from WKSTN-->SSH (pt 22)-->AUTH REQ to PAM-->PAM req to RADIUS (pt 1812)-->RADIUS proxy req to EXTERNAL RADIUS SERVER-->AUTH VERIFIED from RADIUS to PAM-->Auth verified in PAM-->SSH tunnel closed
What I need to figure out is this.
1. Do I need to run FreeRADIUS if I want to send auth reqs to an external RADIUS server?
2. How do I confiugre PAM to call the RADIUS client for auth reqs?
3. Do I need to modify SSH for this process?
Thanks for your help. This is a new step in expanding my Linux knowledge.
TZ
From: "Alan DeKok" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: RADIUS and PAM configuration help Date: Sat, 18 Dec 2004 19:19:34 -0500
"Toby Zimmerer" <[EMAIL PROTECTED]> wrote:
> I have reviewed the FAQ from the freeradius site and the instructions are as
> clear as mud. I need to get some clarification on how exactly to tie in the
> PAM modules to RADIUS. The aforementioned FAQ appears to be geared towards
> a KERNEL expert, not a standard user.
PAM isn't part of the kernel, and neither is RADIUS. The FAQ assumes that the reader is somewhat familiar with PAM and RADIUS.
> Any help provided is greatly appreciated and I will compose a > concise set of instructions on how to configure PAM to work with > RADIUS.
Do you want FreeRADIUS to call a PAM module for authentication, or do you want a PAM module to use RADIUS for authentication? They are very different things.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
