1999-08-18 19:04:24 +00:00
|
|
|
.\" Copyright (c) 1999
|
|
|
|
.\" Andrzej Bialecki <abial@FreeBSD.org>. All rights reserved.
|
|
|
|
.\"
|
|
|
|
.\" Copyright (c) 1992, 1993, 1994
|
|
|
|
.\" The Regents of the University of California. All rights reserved.
|
|
|
|
.\" All rights reserved.
|
|
|
|
.\"
|
|
|
|
.\" This code is derived from software donated to Berkeley by
|
|
|
|
.\" Jan-Simon Pendry.
|
|
|
|
.\"
|
|
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
|
|
.\" modification, are permitted provided that the following conditions
|
|
|
|
.\" are met:
|
|
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
|
|
.\" 3. All advertising materials mentioning features or use of this software
|
|
|
|
.\" must display the following acknowledgement:
|
|
|
|
.\" This product includes software developed by the University of
|
|
|
|
.\" California, Berkeley and its contributors.
|
|
|
|
.\" 4. Neither the name of the University nor the names of its contributors
|
|
|
|
.\" may be used to endorse or promote products derived from this software
|
|
|
|
.\" without specific prior written permission.
|
|
|
|
.\"
|
|
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
.\" SUCH DAMAGE.
|
|
|
|
.\"
|
1999-08-28 00:22:10 +00:00
|
|
|
.\" $FreeBSD$
|
1999-08-18 19:04:24 +00:00
|
|
|
.\"
|
2002-10-28 10:28:46 +00:00
|
|
|
.Dd October 28, 2002
|
2001-04-18 08:25:26 +00:00
|
|
|
.Dt PAM_RADIUS 8
|
2001-07-10 13:41:46 +00:00
|
|
|
.Os
|
1999-08-18 19:04:24 +00:00
|
|
|
.Sh NAME
|
|
|
|
.Nm pam_radius
|
|
|
|
.Nd RADIUS authentication PAM module
|
|
|
|
.Sh SYNOPSIS
|
2001-07-09 18:20:51 +00:00
|
|
|
.Op Ar service-name
|
|
|
|
.Ar module-type
|
|
|
|
.Ar control-flag
|
|
|
|
.Pa pam_radius
|
|
|
|
.Op Ar options
|
1999-08-18 19:04:24 +00:00
|
|
|
.Sh DESCRIPTION
|
|
|
|
The
|
|
|
|
.Nm
|
|
|
|
module provides authentication services based
|
|
|
|
upon the RADIUS (Remote Authentication Dial In User Service) protocol
|
|
|
|
for the PAM (Pluggable Authentication Module) framework.
|
|
|
|
.Pp
|
|
|
|
The
|
|
|
|
.Nm
|
|
|
|
module accepts these optional parameters:
|
|
|
|
.Bl -tag -width Fl
|
|
|
|
.It Cm use_first_pass
|
|
|
|
causes
|
|
|
|
.Nm
|
|
|
|
to use a previously entered password instead of prompting for a new one.
|
|
|
|
If no password has been entered then authentication fails.
|
|
|
|
.It Cm try_first_pass
|
|
|
|
causes
|
|
|
|
.Nm
|
|
|
|
to use a previously entered password, if one is available. If no
|
|
|
|
password has been entered,
|
|
|
|
.Nm
|
|
|
|
prompts for one as usual.
|
|
|
|
.It Cm echo_pass
|
|
|
|
causes echoing to be left on if
|
|
|
|
.Nm
|
|
|
|
prompts for a password.
|
2002-11-29 15:57:50 +00:00
|
|
|
.It Cm conf Ns = Ns Ar pathname
|
1999-08-18 19:04:24 +00:00
|
|
|
specifies a non-standard location for the RADIUS client configuration file
|
2002-10-28 10:28:46 +00:00
|
|
|
(normally located in
|
|
|
|
.Pa /etc/radius.conf ) .
|
|
|
|
.It Cm nas_id Ns No = Ns Ar identifier
|
|
|
|
specifies a NAS identifier to send instead of the hostname.
|
1999-08-18 19:04:24 +00:00
|
|
|
.It Cm template_user Ns No = Ns Ar username
|
|
|
|
specifies a user whose
|
|
|
|
.Xr passwd 5
|
|
|
|
entry will be used as a template to create the session environment
|
2000-03-02 09:14:21 +00:00
|
|
|
if the supplied username doesn't exist in local password database.
|
|
|
|
The user
|
1999-08-18 19:04:24 +00:00
|
|
|
will be authenticated with the supplied username and password, but his
|
|
|
|
credentials to the system will be presented as the ones for
|
|
|
|
.Ar username ,
|
|
|
|
i.e., his login class, home directory, resource limits, etc. will be set to ones
|
|
|
|
defined for
|
|
|
|
.Ar username .
|
|
|
|
.Pp
|
|
|
|
If this option is omitted, and there is no username
|
|
|
|
in the system databases equal to the supplied one (as determined by call to
|
2000-12-29 14:08:20 +00:00
|
|
|
.Xr getpwnam 3 ) ,
|
1999-08-18 19:04:24 +00:00
|
|
|
the authentication will fail.
|
2000-12-29 14:08:20 +00:00
|
|
|
.El
|
1999-08-18 19:04:24 +00:00
|
|
|
.Sh FILES
|
|
|
|
.Bl -tag -width /etc/radius.conf -compact
|
|
|
|
.It Pa /etc/radius.conf
|
|
|
|
The standard RADIUS client configuration file for
|
|
|
|
.Nm
|
|
|
|
.El
|
|
|
|
.Sh SEE ALSO
|
|
|
|
.Xr passwd 5 ,
|
2001-07-06 16:46:48 +00:00
|
|
|
.Xr radius.conf 5 ,
|
|
|
|
.Xr pam 8
|
1999-08-18 19:04:24 +00:00
|
|
|
.Sh HISTORY
|
|
|
|
The
|
|
|
|
.Nm
|
|
|
|
module first appeared in
|
|
|
|
.Fx 3.1 .
|
|
|
|
The
|
|
|
|
.Nm
|
|
|
|
manual page first appeared in
|
|
|
|
.Fx 3.3 .
|
|
|
|
.Sh AUTHORS
|
2000-11-22 09:23:54 +00:00
|
|
|
.An -nosplit
|
1999-08-18 19:04:24 +00:00
|
|
|
The
|
|
|
|
.Nm
|
|
|
|
manual page was written by
|
|
|
|
.An Andrzej Bialecki Aq abial@FreeBSD.org .
|
|
|
|
.Pp
|
|
|
|
The
|
|
|
|
.Nm
|
|
|
|
module was written by
|
|
|
|
.An John D. Polstra Aq jdp@FreeBSD.org .
|