diff options
author | Jonathan Bauer | 2011-12-06 17:23:02 +0100 |
---|---|---|
committer | Jonathan Bauer | 2011-12-06 17:47:02 +0100 |
commit | 5d97f33775e539da678d2c893c68520ef3c72618 (patch) | |
tree | 8f0a9174c7f8b22bbcd6eb9c9cd1f8ca8b070d96 /src/os-plugins/plugins/eduroam/files/etc/pam.d/radius-auth | |
parent | Merge branch 'master' of openslx.org:openslx/core (diff) | |
download | core-5d97f33775e539da678d2c893c68520ef3c72618.tar.gz core-5d97f33775e539da678d2c893c68520ef3c72618.tar.xz core-5d97f33775e539da678d2c893c68520ef3c72618.zip |
eduroam plugin base (working for kdm)
Diffstat (limited to 'src/os-plugins/plugins/eduroam/files/etc/pam.d/radius-auth')
-rw-r--r-- | src/os-plugins/plugins/eduroam/files/etc/pam.d/radius-auth | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/src/os-plugins/plugins/eduroam/files/etc/pam.d/radius-auth b/src/os-plugins/plugins/eduroam/files/etc/pam.d/radius-auth new file mode 100644 index 00000000..97f005f4 --- /dev/null +++ b/src/os-plugins/plugins/eduroam/files/etc/pam.d/radius-auth @@ -0,0 +1,31 @@ +# +# /etc/pam.d/common-auth - authentication settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the authentication modules that define +# the central authentication scheme for use on the system +# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the +# traditional Unix authentication mechanisms. +# +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# try to authenticate with radius, if succeeds create local user. +auth optional pam_script.so radius +auth [success=ok user_unknown=1 default=1] pam_radius_auth.so debug +auth [success=3 default=ignore] pam_script.so create_user +auth optional pam_script.so unix +auth [success=1 new_authtok_reqd=ok user_unknown=die default=ignore] pam_unix.so nullok_secure debug try_first_pass + +# here's the fallback if no module succeeds +auth requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +auth required pam_permit.so +# and here are more per-package modules (the "Additional" block) +#auth optional pam_mount.so +# end of pam-auth-update config |