[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: trying to override the pam_auth attribute
From:       Alan DeKok <aland () deployingradius ! com>
Date:       2021-08-27 18:41:48
Message-ID: 4A5E088C-1BD9-4610-A537-49F194421AA6 () deployingradius ! com
[Download RAW message or body]

On Aug 27, 2021, at 2:36 PM, Jonathan Davis <jonathan@prioritycolo.com> wrote:
> That's right, I was looking at it from different perspective (being ignorant of \
> Attribute-Names and update <lists>. I saw the following in mods-enabled/pam 
> pam {
> pam_auth = radiusd
> }

  Yeah, the module configurations are substantially different from the attributes.

> What's the reason behind it being updated in the authorize section? My novice \
> understanding is that authorize is where FreeRadius checks modules to see which one \
> is up to trying to authenticate the request?

  The "authorize" phase is really "set things up for authentication".  So get \
passwords, set databases to use for authentication, etc.

  i.e. you have to know which PAM auth string to use for authentication.  So... the \
PAM auth string has to be set *before* the "authenticate" section is run.

> I've also got some other questions related to breaking down users vs clients vs \
> virtual_servers, with all this in place, but that's possibly best started in a new \
> thread with all the details included.

  Sure.

  See also raddb/sites-available/README, there's a ton of documentation on this \
subject.

> Thank you again for your assistance.

  You're welcome.  It's what I do.  :)

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


[prev in list] [next in list] [prev in thread] [next in thread]