1c747c0c7SAndrzej Bialecki.\" Copyright (c) 1999 2c747c0c7SAndrzej Bialecki.\" Andrzej Bialecki <abial@FreeBSD.org>. All rights reserved. 3c747c0c7SAndrzej Bialecki.\" 4c747c0c7SAndrzej Bialecki.\" Copyright (c) 1992, 1993, 1994 5c747c0c7SAndrzej Bialecki.\" The Regents of the University of California. All rights reserved. 6c747c0c7SAndrzej Bialecki.\" All rights reserved. 7c747c0c7SAndrzej Bialecki.\" 8c747c0c7SAndrzej Bialecki.\" This code is derived from software donated to Berkeley by 9c747c0c7SAndrzej Bialecki.\" Jan-Simon Pendry. 10c747c0c7SAndrzej Bialecki.\" 11c747c0c7SAndrzej Bialecki.\" Redistribution and use in source and binary forms, with or without 12c747c0c7SAndrzej Bialecki.\" modification, are permitted provided that the following conditions 13c747c0c7SAndrzej Bialecki.\" are met: 14c747c0c7SAndrzej Bialecki.\" 1. Redistributions of source code must retain the above copyright 15c747c0c7SAndrzej Bialecki.\" notice, this list of conditions and the following disclaimer. 16c747c0c7SAndrzej Bialecki.\" 2. Redistributions in binary form must reproduce the above copyright 17c747c0c7SAndrzej Bialecki.\" notice, this list of conditions and the following disclaimer in the 18c747c0c7SAndrzej Bialecki.\" documentation and/or other materials provided with the distribution. 19dda5b397SEitan Adler.\" 3. Neither the name of the University nor the names of its contributors 20c747c0c7SAndrzej Bialecki.\" may be used to endorse or promote products derived from this software 21c747c0c7SAndrzej Bialecki.\" without specific prior written permission. 22c747c0c7SAndrzej Bialecki.\" 23c747c0c7SAndrzej Bialecki.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 24c747c0c7SAndrzej Bialecki.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25c747c0c7SAndrzej Bialecki.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26c747c0c7SAndrzej Bialecki.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 27c747c0c7SAndrzej Bialecki.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28c747c0c7SAndrzej Bialecki.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29c747c0c7SAndrzej Bialecki.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30c747c0c7SAndrzej Bialecki.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31c747c0c7SAndrzej Bialecki.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32c747c0c7SAndrzej Bialecki.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33c747c0c7SAndrzej Bialecki.\" SUCH DAMAGE. 34c747c0c7SAndrzej Bialecki.\" 357f3dea24SPeter Wemm.\" $FreeBSD$ 36c747c0c7SAndrzej Bialecki.\" 37a1d214e8SDag-Erling Smørgrav.Dd October 28, 2002 385f95f24bSRuslan Ermilov.Dt PAM_RADIUS 8 39a307d598SRuslan Ermilov.Os 40c747c0c7SAndrzej Bialecki.Sh NAME 41c747c0c7SAndrzej Bialecki.Nm pam_radius 42c747c0c7SAndrzej Bialecki.Nd RADIUS authentication PAM module 43c747c0c7SAndrzej Bialecki.Sh SYNOPSIS 441642eb1aSMark Murray.Op Ar service-name 451642eb1aSMark Murray.Ar module-type 461642eb1aSMark Murray.Ar control-flag 471642eb1aSMark Murray.Pa pam_radius 481642eb1aSMark Murray.Op Ar options 49c747c0c7SAndrzej Bialecki.Sh DESCRIPTION 50c747c0c7SAndrzej BialeckiThe 51c747c0c7SAndrzej Bialecki.Nm 52c747c0c7SAndrzej Bialeckimodule provides authentication services based 53c747c0c7SAndrzej Bialeckiupon the RADIUS (Remote Authentication Dial In User Service) protocol 54c747c0c7SAndrzej Bialeckifor the PAM (Pluggable Authentication Module) framework. 55c747c0c7SAndrzej Bialecki.Pp 56c747c0c7SAndrzej BialeckiThe 57c747c0c7SAndrzej Bialecki.Nm 58c747c0c7SAndrzej Bialeckimodule accepts these optional parameters: 59c747c0c7SAndrzej Bialecki.Bl -tag -width Fl 60c747c0c7SAndrzej Bialecki.It Cm use_first_pass 61c747c0c7SAndrzej Bialeckicauses 62c747c0c7SAndrzej Bialecki.Nm 63c747c0c7SAndrzej Bialeckito use a previously entered password instead of prompting for a new one. 64c747c0c7SAndrzej BialeckiIf no password has been entered then authentication fails. 65c747c0c7SAndrzej Bialecki.It Cm try_first_pass 66c747c0c7SAndrzej Bialeckicauses 67c747c0c7SAndrzej Bialecki.Nm 681a0a9345SRuslan Ermilovto use a previously entered password, if one is available. 691a0a9345SRuslan ErmilovIf no 70c747c0c7SAndrzej Bialeckipassword has been entered, 71c747c0c7SAndrzej Bialecki.Nm 72c747c0c7SAndrzej Bialeckiprompts for one as usual. 73c747c0c7SAndrzej Bialecki.It Cm echo_pass 74c747c0c7SAndrzej Bialeckicauses echoing to be left on if 75c747c0c7SAndrzej Bialecki.Nm 76c747c0c7SAndrzej Bialeckiprompts for a password. 771798791dSRuslan Ermilov.It Cm conf Ns = Ns Ar pathname 78c747c0c7SAndrzej Bialeckispecifies a non-standard location for the RADIUS client configuration file 79a1d214e8SDag-Erling Smørgrav(normally located in 80a1d214e8SDag-Erling Smørgrav.Pa /etc/radius.conf ) . 81862b46f6SRuslan Ermilov.It Cm nas_id Ns = Ns Ar identifier 82a1d214e8SDag-Erling Smørgravspecifies a NAS identifier to send instead of the hostname. 83862b46f6SRuslan Ermilov.It Cm template_user Ns = Ns Ar username 84c747c0c7SAndrzej Bialeckispecifies a user whose 85c747c0c7SAndrzej Bialecki.Xr passwd 5 86c747c0c7SAndrzej Bialeckientry will be used as a template to create the session environment 870227791bSRuslan Ermilovif the supplied username does not exist in local password database. 88c6ff3a1bSSheldon HearnThe user 89c747c0c7SAndrzej Bialeckiwill be authenticated with the supplied username and password, but his 90c747c0c7SAndrzej Bialeckicredentials to the system will be presented as the ones for 91c747c0c7SAndrzej Bialecki.Ar username , 921a0a9345SRuslan Ermilovi.e., his login class, home directory, resource limits, etc.\& will be set to ones 93c747c0c7SAndrzej Bialeckidefined for 94c747c0c7SAndrzej Bialecki.Ar username . 95c747c0c7SAndrzej Bialecki.Pp 96c747c0c7SAndrzej BialeckiIf this option is omitted, and there is no username 97c747c0c7SAndrzej Bialeckiin the system databases equal to the supplied one (as determined by call to 9842635956SRuslan Ermilov.Xr getpwnam 3 ) , 99c747c0c7SAndrzej Bialeckithe authentication will fail. 100f142677bSMaxim Sobolev.It Cm nas_ipaddr Ns Op No = Ns Ar address 101f142677bSMaxim Sobolevspecifies a NAS IP address to be sent. 102f142677bSMaxim SobolevIf option is present, but there is no value provided then IP address 103f142677bSMaxim Sobolevcorresponding to the current hostname will be used. 10442635956SRuslan Ermilov.El 105c747c0c7SAndrzej Bialecki.Sh FILES 106c747c0c7SAndrzej Bialecki.Bl -tag -width /etc/radius.conf -compact 107c747c0c7SAndrzej Bialecki.It Pa /etc/radius.conf 108c747c0c7SAndrzej BialeckiThe standard RADIUS client configuration file for 109c747c0c7SAndrzej Bialecki.Nm 110c747c0c7SAndrzej Bialecki.El 111c747c0c7SAndrzej Bialecki.Sh SEE ALSO 112c747c0c7SAndrzej Bialecki.Xr passwd 5 , 1135521ff5aSRuslan Ermilov.Xr radius.conf 5 , 1145521ff5aSRuslan Ermilov.Xr pam 8 115c747c0c7SAndrzej Bialecki.Sh HISTORY 116c747c0c7SAndrzej BialeckiThe 117c747c0c7SAndrzej Bialecki.Nm 118c747c0c7SAndrzej Bialeckimodule first appeared in 119c747c0c7SAndrzej Bialecki.Fx 3.1 . 120c747c0c7SAndrzej BialeckiThe 121c747c0c7SAndrzej Bialecki.Nm 122c747c0c7SAndrzej Bialeckimanual page first appeared in 123c747c0c7SAndrzej Bialecki.Fx 3.3 . 124c747c0c7SAndrzej Bialecki.Sh AUTHORS 125725ab628SRuslan Ermilov.An -nosplit 126c747c0c7SAndrzej BialeckiThe 127c747c0c7SAndrzej Bialecki.Nm 128c747c0c7SAndrzej Bialeckimanual page was written by 129*2b7af31cSBaptiste Daroussin.An Andrzej Bialecki Aq Mt abial@FreeBSD.org . 130c747c0c7SAndrzej Bialecki.Pp 131c747c0c7SAndrzej BialeckiThe 132c747c0c7SAndrzej Bialecki.Nm 133c747c0c7SAndrzej Bialeckimodule was written by 134*2b7af31cSBaptiste Daroussin.An John D. Polstra Aq Mt jdp@FreeBSD.org . 135