[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: trying to override the pam_auth attribute
From: Alan DeKok <aland () deployingradius ! com>
Date: 2021-08-27 18:41:48
Message-ID: 4A5E088C-1BD9-4610-A537-49F194421AA6 () deployingradius ! com
[Download RAW message or body]
On Aug 27, 2021, at 2:36 PM, Jonathan Davis <jonathan@prioritycolo.com> wrote:
> That's right, I was looking at it from different perspective (being ignorant of \
> Attribute-Names and update <lists>. I saw the following in mods-enabled/pam
> pam {
> pam_auth = radiusd
> }
Yeah, the module configurations are substantially different from the attributes.
> What's the reason behind it being updated in the authorize section? My novice \
> understanding is that authorize is where FreeRadius checks modules to see which one \
> is up to trying to authenticate the request?
The "authorize" phase is really "set things up for authentication". So get \
passwords, set databases to use for authentication, etc.
i.e. you have to know which PAM auth string to use for authentication. So... the \
PAM auth string has to be set *before* the "authenticate" section is run.
> I've also got some other questions related to breaking down users vs clients vs \
> virtual_servers, with all this in place, but that's possibly best started in a new \
> thread with all the details included.
Sure.
See also raddb/sites-available/README, there's a ton of documentation on this \
subject.
> Thank you again for your assistance.
You're welcome. It's what I do. :)
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic