2

I am using CentOS 6.3 and want to enable ssh RADIUS authentication.

Right now my server is directly authenticated with RADIUS server. I want the server to authenticate with unix credentials first and after that to do authentication via RADIUS.

I'm pretty sure about that I have set something inside the file /etc/pam.d/sshd, but I'm not sure what it is I should set.

The configuration I'm using now is:

auth       required   /lib64/security/pam_radius_auth.so
auth       required   /lib64/security/pam_nologin.so
account    required   /lib64/security/pam_stack.so service=system-auth
password   required   /lib64/security/pam_stack.so service=system-auth
session    required   /lib64/security/pam_stack.so service=system-auth
session    required   /lib64/security/pam_limits.so
session    optional   /lib64/security/pam_console.so

But it is directly asking for RADIUS password only. Thanks in advance.

Deer Hunter
  • 1,070
  • 7
  • 17
  • 25
user178834
  • 19
  • 2
  • Now my setting is auth required /lib64/security/pam_radius_auth.so auth include system-auth auth required /lib64/security/pam_nologin.so account required /lib64/security/pam_stack.so service=system-auth password required /lib64/security/pam_stack.so service=system-auth session required /lib64/security/pam_stack.so service=system-auth session required /lib64/security/pam_limits.so session optional /lib64/security/pam_console.so In which it ask for radius password first and after that unix password. How can i make unix password first and Radius second. – user178834 Jun 22 '13 at 16:27

1 Answers1

0

Pls open 2 ssh sessions, one for editting pam file, the other is used in case PAM misconfiguration, and it locks you out

Pls try this config:

auth required /lib64/security/pam_radius_auth.so
auth include  system-auth
auth required /lib64/security/pam_nologin.so
..
Shâu Shắc
  • 356
  • 2
  • 4
  • If you need unix authen 1st, then just change the order – Shâu Shắc Jun 22 '13 at 17:03
  • Thanx dear.. What about solaris sparc version, In solaris pam configuration file is /etc/pam.conf Any idea for setting unix and after that radius authentication Thanx in advance – user178834 Jun 22 '13 at 17:07
  • Any idea to set banner for the unix and radius password ? Such as provide unix password and provide radius password? – user178834 Jun 22 '13 at 17:44