Reputation: 983
Authenticate Radius user using pam and ssh
I am able to authenticate radius users using radius server+pam+ssh with creating local user with blank password in linux.
Is it possible to authenticate radius users without creating users in local machine with blank password?
/etc/pam.d/ssh file as below
#%PAM-1.0
auth sufficient pam_radius_auth.so debug
auth sufficient pam_unix.so use_first_pass
auth required pam_auth_status.so
account sufficient pam_unix.so
account required pam_auth_status.so
session required pam_unix.so
Upvotes: 0
Views: 3679
Answers (2)
Reputation: 830
I found two nss libraries that could help in this case:
- libnss-mapuser from Cumulus Linux.
- libnss-ato
The general process is that these will map unknown (but authenticated) user to a single user template. Each user will get his/her own /home folder though but both libs have in common that the user id will be the same.
These packages are mainly targeted at network devices where there is no ldap setup done. Cumulus describes the setup nicely.
I recommend reading https://serverfault.com/questions/538383/understand-pam-and-nss to understand what is happening there.
Upvotes: 0
Reputation: 504
You can authenticate the user without creating an entry for him in /etc/passwd and /etc/shadow files. But now , the user is not associated with any shell in '/etc/passwd' , so it can be of no use.
Do you want to launch a shell after authentication or you want the user just to be authenticated?
Upvotes: 0
Related Questions
- FreeRadius - Failed binding to authentication address
- Freeradius users operators
- Freeradius + Openldap ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
- Freeradius - No authenticate method found
- How to authenticate a user using PAM?
- Freeradius server authentication issue
- Authenticate remote user on linux with username/password credentials
- SSH + Radius + LDAP
- Authentication, Authorization And Accounting? (PAM, RADIUS - again)
- Authentication, Authorization And Accounting? (PAM, RADIUS)