Re: [Q] openssh-3.8.1p1 + radius PAM
From: Logu (logsnaath_at_gmx.net)
Date: 08/18/04
- Previous message: Roumen Petrov: "Announce: X.509 certificates support in OpenSSH-3.9p1"
- In reply to: radorjan_at_ratech.net: "[Q] openssh-3.8.1p1 + radius PAM"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <secureshell@securityfocus.com> Date: Wed, 18 Aug 2004 11:13:12 +0530
> I have a linux box being used as a firewall router and wanted to use ssh
> with radius authentication (same radius used to authenticate for other
> networking equipment). I modified the radius PAM to replace a valid
> radius user with a generic username (I don't really want a lot of user
> accounts on the box, but want to keep track of who logged on via radius
> log).
>
> With telnet the configuration works (goal is to turn off telnet), but with
> ssh it appears to authenticate the user inside SSH first (basically
> ignoring the settings in /etc/pam.d/sshd). Is there any trick to having
> SSH authenticate first to the radius PAM (so it can replace the username
> with the generic one)?
Have you enabled pam while compiling? If yes, have you set "UsePam Yes" in
the sshd_config file.
-Logu
- Previous message: Roumen Petrov: "Announce: X.509 certificates support in OpenSSH-3.9p1"
- In reply to: radorjan_at_ratech.net: "[Q] openssh-3.8.1p1 + radius PAM"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
