Made a lot of progress on this today. I decided to use pam_sessionrun for a POC rather than worry 'bout writing C code for user add/deletes.
It's working somewhat. pam_radius_auth (and perhaps pam in general, not sure yet) seems to want the user to exist or it sends crap for the passwd to radius. Specifically:

    Feb 17 19:21:22 mypocbox sshd[13804]: pam_radius_auth: Sending RADIUS request password ^M^?INCORRECT

So what happens is I created a prelogin event to run a useradd script before it goes to the radius plugin. This works fine, but then sends crap to radius for the passwd. If I kill that ssh session and try again, it works fine since the user has been added by the previous session.

Hopefully tomorrow I'll solve that mystery, but if somebody has a clue as to why pam_radius_auth sends crap to radius if the user doesn't exist on the machine, that would be useful information to have for my work tomorrow.

R. Marc

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html