Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

pam_radius(8) [netbsd man page]

PAM_RADIUS(8)						    BSD System Manager's Manual 					     PAM_RADIUS(8)

NAME

     pam_radius -- RADIUS PAM module

SYNOPSIS

     [service-name] module-type control-flag pam_radius [options]

DESCRIPTION

     The RADIUS service module for PAM provides authentication services based upon the RADIUS (Remote Authentication Dial In User Service) proto-
     col.

     The pam_radius module accepts these optional parameters:

     use_first_pass
		 causes pam_radius to use a previously entered password instead of prompting for a new one.  If no password has been entered then
		 authentication fails.

     try_first_pass
		 causes pam_radius to use a previously entered password, if one is available.  If no password has been entered, pam_radius prompts
		 for one as usual.

     echo_pass	 causes echoing to be left on if pam_radius prompts for a password.

     conf=pathname
		 specifies a non-standard location for the RADIUS client configuration file (normally located in /etc/radius.conf).

     nas_id=identifier
		 specifies a NAS identifier to send instead of the hostname.

     template_user=username
		 specifies a user whose passwd(5) entry will be used as a template to create the session environment if the supplied username does
		 not exist in the local password database.  The user will be authenticated with the supplied username and password, but his cre-
		 dentials to the system will be presented as the ones for username, i.e., his login class, home directory, resource limits, etc.
		 will be set to ones defined for username.

		 If this option is omitted, and there is no username in the system databases equal to the supplied one (as determined by call to
		 getpwnam(3)), the authentication will fail.

     nas_ipaddr[=address]
		 specifies a NAS IP address to be sent.  If option is present, but there is no value provided then IP address corresponding to the
		 current hostname will be used.

FILES

     /etc/radius.conf  The standard RADIUS client configuration file for pam_radius

SEE ALSO

     passwd(5), radius.conf(5), pam(8)

HISTORY

     The pam_radius module first appeared in FreeBSD 3.1.  The pam_radius manual page first appeared in FreeBSD 3.3.

AUTHORS

     The pam_radius manual page was written by Andrzej Bialecki <abial@FreeBSD.org>.

     The pam_radius module was written by John D. Polstra <jdp@FreeBSD.org>.

BSD
								 October 28, 2002							       BSD

Check Out this Related Man Page

PAM(8)							    BSD System Manager's Manual 						    PAM(8)

NAME

     pam -- Pluggable Authentication Modules framework

DESCRIPTION

     The Pluggable Authentication Modules (PAM) framework is a system of libraries that perform authentication tasks for services and applica-
     tions.  Applications that use the PAM API may have their authentication behavior configured by the system administrator though the use of the
     service's PAM configuration file.

     PAM modules provide four classes of functionality:

     account   Account verification services such as password expiration and access control.

     auth      Authentication services.  This usually takes the form of a challenge-response conversation.  However, PAM can also support, with
	       appropriate hardware support, biometric devices, smart-cards, and so forth.

     password  Password (or, more generally, authentication token) change and update services.

     session   Session management services.  These are tasks that are performed before access to a service is granted and after access to a ser-
	       vice is withdrawn.  These may include updating activity logs or setting up and tearing down credential forwarding agents.

     A primary feature of PAM is the notion of ``stacking'' different modules together to form a processing chain for the task.  This allows
     fairly precise control over how a particular authentication task is performed, and under what conditions.	PAM module configurations may also
     inherit stacks from other module configurations, providing some degree of centralized administration.

SEE ALSO

     login(1), passwd(1), su(1), pam(3), pam.conf(5), pam_chroot(8), pam_deny(8), pam_echo(8), pam_exec(8), pam_ftpusers(8), pam_group(8),
     pam_guest(8), pam_krb5(8), pam_ksu(8), pam_lastlog(8), pam_login_access(8), pam_nologin(8), pam_permit(8), pam_radius(8), pam_rhosts(8),
     pam_rootok(8), pam_securetty(8), pam_self(8), pam_skey(8), pam_ssh(8), pam_unix(8)

HISTORY

     The Pluggable Authentication Module framework was originally developed by SunSoft, described in DCE/OSF-RFC 86.0, and first deployed in
     Solaris 2.6.  It was later incorporated into the X/Open Single Sign-On Service (XSSO) Pluggable Authentication Modules specifiation.

     The Pluggable Authentication Module framework first appeared in NetBSD 3.0.

BSD
								 February 28, 2005							       BSD
Man Page