Date: Thu, 29 Apr 2004 17:08:12 -0400 (EDT)
From: Dan Mahoney <danm@prime.gushi.org>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: bin/66095: template_user is broken in pam_radius
Message-ID: <200404292108.i3TL8CdV099025@s2.ezzi.net>
Resent-Message-ID: <200404292110.i3TLA6gl093421@freefall.freebsd.org>

>Number:         66095
>Category:       bin
>Synopsis:       template_user is broken in pam_radius
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Apr 29 14:10:05 PDT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Dan Mahoney
>Release:        FreeBSD 4.6.2-RELEASE-p27 i386
>Organization:
>Environment:
System: FreeBSD s2.ezzi.net 4.6.2-RELEASE-p27 FreeBSD 4.6.2-RELEASE-p27 #0: Tue Apr 6 08:52:46 EDT 2004 danm@s2.ezzi.net:/usr/obj/usr/src/sys/GENERIC i386

>Description:
The pam_radius module's man page purports to be able to support a
"template user", i.e. when a user not listed in the local system attempts
to authenticate when pam_radius is in effect, instead, the login
credentials for "template_user" will be presented.

FreeBSD seems to authorize against radius correctly when a local user
exists, but when a non-local user tries to authenticate, the request is
NOT EVEN FORWARDED to the radius server. Auth simply fails.

>How-To-Repeat:
/etc/radius.conf:

auth 65.125.237.37 testing123
acct 65.125.237.37 testing123

/etc/pam.conf:

sshd auth sufficient pam_skey.so
sshd auth sufficient pam_opie.so no_fake_prompts
#sshd auth requisite pam_opieaccess.so
#sshd auth sufficient pam_kerberosIV.so try_first_pass
#sshd auth sufficient pam_krb5.so try_first_pass
sshd auth sufficient pam_radius.so try_first_pass template_user=danm
sshd auth required pam_unix.so try_first_pass
sshd account sufficient pam_radius.so try_first_pass template_user=danm
sshd account required pam_unix.so
sshd password required pam_permit.so
sshd session required pam_permit.so

try to log in as a user who is present on the radius server but not
present on the local system.

>Fix:
None known.

>Release-Note:
>Audit-Trail:
>Unformatted: