The pam_radius_auth module is installed on linux, and if the user-A is not created in local and only existed in remote radius server. In following function() in pam_radius_auth.c, the *password always is INCORRECT +++++++++++++code+++++++++++++ static int rad_converse(pam_handle_t *pamh, int msg_style, char *message, char **password) { CONST struct pam_conv *conv; struct pam_message resp_msg; CONST struct pam_message *msg[1]; struct pam_response *resp = NULL; int retval;
resp_msg.msg_style = msg_style; resp_msg.msg = message; msg[0] = &resp_msg; /* grab the password */ retval = pam_get_item(pamh, PAM_CONV, (CONST void **) &conv); PAM_FAIL_CHECK; retval = conv->conv(1, msg, &resp,conv->appdata_ptr); < it seems the resp is saved some useful info. PAM_FAIL_CHECK; if (password) { /* assume msg.type needs a response */ /* I'm not sure if this next bit is necessary on Linux */ _pam_log(LOG_ERR, "enter in"); #ifdef sun /* NULL response, fail authentication */ if ((resp == NULL) || (resp->resp == NULL)) { return PAM_SYSTEM_ERR; } #endif *password = resp->resp; <<<< saved the retrun value to *password. (value is INCORRECT) free(resp); } return PAM_SUCCESS; } +++++++++++++code+++++++++++++ Not familiar with this module, can anybody give some instrutions? -- View this message in context: http://freeradius.1045715.n5.nabble.com/ssh-authentication-failed-problem-use-freeradius-pam-radius-tp5687733p5713359.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html