similar to: Support user certificate through PAM

Hi We recenlty ugraded to openssh-3.7.1p2. Our architecture is ssh daemon uses pam module which sends request to remote radius/tacacs+ servers based on configuration. Now if I create the user in /etc/passwd, then ssh daemon calls pam and everthing works fine. But if the user is not present in /etc/passwd, then ssh daemon is not calling pam. The debug log is given below. All these

On Tue, 2002-10-29 at 05:01, Hielke Christian Braun wrote: > i am trying to use dovecot with pam and radius. My users have names > in the format joe at somedomain.com. When i have pam configured to use > the normal passwd/shadow files it works fine. With radius it does not. > I see at the radius server that the domain part of my usernames > is always replaced with the same domain

Hi, I'm currently testing dovecot to authenticate user passwords against a radius server, via pam_radius_auth, and that seems to work fine. However, I am running other software (Exim MTA) that also authenticates via radius, using the radiusclient library from: http://www.mcs.de/~lf/radius/ Is there any chance that this library could be used by Dovecot as a further authentication option, and

Hi, We are running a 3 DC samba AD domain, and use 802.1x authentication for the win10 workstations to access the wired network. We are facing the issue where, following windows updates, our windows clients keep changing back the 802.1x settings to the windows default, namely: to verify the server identity and do computer authentication only. The latter is no problem, but the first one

Hi I am trying to write pam_radius module which talks to RADIUS server for aaa. I see sshd checks /etc/passwd for user list. Since RADIUS server has user list, can sshd ignore this check for RADIUS/TACACS+ authentication, Please suggest if there are any flags to control it. I am using the following versions. OpenSSH_6.6p1, OpenSSL 1.0.2n 7 Dec 2017 I see sssd (NAS) being used for such use

Further to my original question about PAM on OpenBSD for OpenSSH, it may be non-trivial to get any PAM stuff onto OpenBSD (Thanks to Ben Lindstrom for his suggestion, which I'll try, using a gnu/loonucks PAM package, any suggestions for which one to use, or where to get it from? I'm not very clueful when it comes to GNU/linux). So, I remember in a past life hacking suport for other auth

I've been through the archive, and not found anything conclusive, except for a problem report of sorts from Theo E. Schlossnag (who has a set of patches for SecurID integration). I'm about to replace some ssh 1.2.26 (I know!) installations with OpenSSH 2.5.1p2, on Solaris 2.6 sparc boxes, and we use SecurID tokens for these boxes. I've compiled up OpenSSH 2.5.1p2 with --with-pam,

Hi Vijay, > I am Vijay Mahantesh SM from India. I am an open > source enthusiast and a big fan of computational mathematics and research. > I came across the idea list of mentioned in the link<http://trac.xapian.org/wiki/GSoCProjectIdeas> and > was fascinated to find projects of my passion. As per my understanding of > the project, this project requires a good

Hi, I am trying to configure ssh/pam to use freeradius as one of the authentication sources on a C6 box. I have freeradius running on a separate box with 2 factor authentication. Using the radtest utility, I can successfully authenticate. My problem is that I do not understand how to configure pam to use radius as an auth source and be sure I am not opening a security hole in my systems. While

Hi ! Sorry to bring back the infamous "NOUSER" in the conversation but I didn't get the workaround on that problem. Firstly, I'm using : - openssh-3.1p1-15 which is the version which comes by default with my Red Hat Linux Advanced Server release 2.1AS. - I'm using PAM, set up to use radius. Please find below the /etc/pam.d/sshd file : #%PAM-1.0 auth

On Wed, 2018-01-03 at 13:50 +0530, Sudarshan Soma wrote: > HI, I do see some refernce on it: but seems not closed > https://marc.info/?l=secure-shell&m=115513863409952&w=2 > > http://bugzilla.mindrot.org/show_bug.cgi?id=1215 > > > Is this patch available in latest versions, 7.6? No. It never was. The SSSD is using NSS (Name Service Switch) [1] way of getting

I know this is slightly off-topic. I'm looking at a way to use PAM with OpenSSH, on OpenBSD 2.7 (which at the moment as far as I can tell has no PAM support). I wonder how hard it would be to spoof the config of the portable OpenSSH into thinking it was on something that supported PAM, and then having a wrapper of some sort to connect to a PAM module? Some background: I have a requirement

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, sorry to bother you with this. I'm trying to set up an experimental system (which may become production if it ever gets off the ground) and it's not working. The short version: I'm trying to get Dovecot 1.2.4 to authenticate against a customised PAM module. In short, we're using a specialised OTP radius backend. One of my

Greetings all, I'm working on attempting to get SAMBA to work with a product line called CryptoCard. I *should* be able to get it to work one of two ways, either through the use of CryptoCard's provided PAM module, or through RADIUS authentication. Currently, I cannot seem to get PAM authentication to work at all. This is what is in the 'samba' file for PAM: auth

Dear Sirs, I?m writting a pam module for Radius authentication, which should allow a remote login via ssh on a Linux machine with an openssh server. In particular, the user which is configured at the remote Radius server is not present on the local user database of the Linux machine. Unfortunatly, openssh will not allow to start a PAM user authentication if cannot find the user login in the

Sudarshan Soma wrote: > Does sssd/NSS has a way to fetch user names from sources like > RADIUS/TACACS server? My impression is that while this might be theoretically possible, nobody does this. Especially it's not clear to me how you would push group membership to the system. And AFAICS in case of TACACS+ there's also only a single "role" available (translate this to

Hi Everyone, Has anyone tried to configure the ssh service under pam.d to authentication against a radius service? I have compiled and installed the pam_radius_auth module but am unable to get the configurations working properly. Any samples configurations will be appreciated. Thanks. -- "I never look back darling, it distracts from the now", Edna Mode (The Incredibles)

Hi, this is merely FYI, but i would appreciate if someone had any comments or further information on the topic. We were using the following setup : cryptocard easyradius with RB-1 hardware tokens (hex or decimal display, synchronous (quicklog) mode) f-secure ssh with pam radius authentication This worked fine until we updated to openssh 2.9p2. Then all authentications where the response

http://bugzilla.mindrot.org/show_bug.cgi?id=559 ------- Additional Comments From joerg.albert at gmx.de 2004-02-20 02:35 ------- Hi Frank, > FWIW, I actually have a valid use for that behavior (not just having a > feature for feature's sake). A device that > logs folks in to a single role account, but using individual usernames > and secrets. Via PAM, that's possible

Hello! I would like to setup ssh on solaris7/x86 to use PAM authentication by pam_radius_auth. Neither openssh-1.2.2 nor ssh-1.2.27 with ssh-1.2.27.pam.patch work with it - I've got message: debug: RSA authentication for test failed. On remete radius server I've information in logs that authentication was accepted(!). When I connect by telnet all is right. My /etc/pam.conf: login