From: Jamie C. <jca...@we...> - 2003-09-17 22:49:01
|
No - to allow that, you would have to create a PAM file like : #%PAM-1.0 auth sufficient pam_radius.so auth sufficient pam_unix.so account required pam_radius.so session required pam_radius.so (I think) - Jamie Mait Mandel wrote: > Will that leave me a backdoor for a "local" user/password in case the > radius server is unreachable? > > Mait > > -----Original Message----- > From: web...@li... > [mailto:web...@li...] On Behalf Of Jamie > Cameron > Sent: 17. september 2003. a. 15:58 > To: web...@li... > Subject: Re: [webmin-l] radius authentication for webmin > > > You can't set up webmin like that unfortunately .. A webmin user has a > lot of additional information like his allowed modules, ACLs and so on > that cannot be stored in radius. > > If you do want to use PAM, you would need to put in lines like : > > #%PAM-1.0 > auth required pam_radius.so > account required pam_radius.so > session required pam_radius.so > > This assumes that a PAM module called pam_radius.so actually exists - > I'm not really sure about that. > > - Jamie > > Mait Mandel wrote: > >>hi Jamie, >> >>well, actually i'd like to let ANY user that is allowed by radius to > > be > >>able to use webmin. >>eg both usernames and password would be taken from radius. is that >>possible? >> >>if not, then how should i configure the /etc/pam.d/webmin file? >>currently the file shows: >> >>#%PAM-1.0 >>auth required pam_unix.so nullok >>account required pam_unix.so >>session required pam_unix.so >> >>Mait >> >> >> >>>-----Original Message----- >>>From: web...@li... >>>[mailto:web...@li...] On Behalf >>>Of Jamie Cameron >>>Sent: 17. september 2003. a. 12:14 >>>To: web...@li... >>>Subject: Re: [webmin-l] radius authentication for webmin >>> >>>On Wed, 2003-09-17 at 16:01, Mait Mandel wrote: >>> >>> >>>>hi, >>>> >>>>how can i use an external radius server to authenticate webmin users >>>>(the administrators)? >>> >>>If you are just trying to have passwords checked against a >>>RADIUS server >>>while still keeping all the user information in Webmin as normal, the >>>best solution may be to use PAM. Assuming that a pam_radius module >>>exists somewhere, the steps to follow would be : >>> >>>1) Installed the Authen::PAM perl module >>>2) Modify or create /etc/pam.d/webmin to authenticate using pam_radius >>>3) Change your Webmin user's password to 'Unix authentication' in the >>>Webmin Users module. >>> >>>- Jamie |