From: Vince Hoffman
To: freebsd-questions@freebsd.org
Date: Thu, 21 Apr 2005 18:12:31 +0100 (BST)
Subject: pam_radius and ssh
Message-ID: <20050421154545.D18353@unsane.co.uk>

Hi all,

I've been looking into using the pam_radius PAM module and have been trying out the template_user feature as this would ease the administrative burden in our setup (it allows a user to be specified as a template if the radius user does not have a local account). I can get it to work fine for login and telnetd, but sshd seems to have a problem.
If a local user with the same name as the radius user exists then no problem; if not, then the template_user should kick in. However, it doesn't; in fact, if the user does not exist locally then the pam_radius module is never even invoked, or at least it never sends any query to the radius server.

I'm guessing that sshd checks for a valid user even when it's using PAM authentication and halts any further progress. Is there any way to turn this off?

Thanks,
Vince