1.\"- 2.\" Copyright (c) 1992, 1993, 1994 3.\" The Regents of the University of California. All rights reserved. 4.\" Copyright (c) 1999 Andrzej Bialecki <abial@FreeBSD.org> 5.\" All rights reserved. 6.\" Copyright (c) 2018 The University of Oslo 7.\" All rights reserved. 8.\" 9.\" This code is derived from software donated to Berkeley by 10.\" Jan-Simon Pendry. 11.\" 12.\" Redistribution and use in source and binary forms, with or without 13.\" modification, are permitted provided that the following conditions 14.\" are met: 15.\" 1. Redistributions of source code must retain the above copyright 16.\" notice, this list of conditions and the following disclaimer. 17.\" 2. Redistributions in binary form must reproduce the above copyright 18.\" notice, this list of conditions and the following disclaimer in the 19.\" documentation and/or other materials provided with the distribution. 20.\" 3. Neither the name of the University nor the names of its contributors 21.\" may be used to endorse or promote products derived from this software 22.\" without specific prior written permission. 23.\" 24.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34.\" SUCH DAMAGE. 35.\" 36.\" $FreeBSD$ 37.\" 38.Dd May 16, 2018 39.Dt PAM_RADIUS 8 40.Os 41.Sh NAME 42.Nm pam_radius 43.Nd RADIUS authentication PAM module 44.Sh SYNOPSIS 45.Op Ar service-name 46.Ar module-type 47.Ar control-flag 48.Pa pam_radius 49.Op Ar options 50.Sh DESCRIPTION 51The 52.Nm 53module provides authentication services based 54upon the RADIUS (Remote Authentication Dial In User Service) protocol 55for the PAM (Pluggable Authentication Module) framework. 56.Pp 57The 58.Nm 59module accepts these optional parameters: 60.Bl -tag -width Fl 61.It Cm use_first_pass 62causes 63.Nm 64to use a previously entered password instead of prompting for a new one. 65If no password has been entered then authentication fails. 66.It Cm try_first_pass 67causes 68.Nm 69to use a previously entered password, if one is available. 70If no 71password has been entered, 72.Nm 73prompts for one as usual. 74.It Cm echo_pass 75causes echoing to be left on if 76.Nm 77prompts for a password. 78.It Cm conf Ns = Ns Ar pathname 79specifies a non-standard location for the RADIUS client configuration file 80(normally located in 81.Pa /etc/radius.conf ) . 82.It Cm nas_id Ns = Ns Ar identifier 83specifies a NAS identifier to send instead of the hostname. 84.It Cm nas_ipaddr Ns Op No = Ns Ar address 85specifies a NAS IP address to be sent. 86If option is present, but there is no value provided then IP address 87corresponding to the current hostname will be used. 88.It Cm template_user Ns = Ns Ar username 89specifies a user whose 90.Xr passwd 5 91entry will be used as a template to create the session environment 92if the supplied username does not exist in local password database. 93The user 94will be authenticated with the supplied username and password, but his 95credentials to the system will be presented as the ones for 96.Ar username , 97i.e., his login class, home directory, resource limits, etc.\& will be set to ones 98defined for 99.Ar username . 100.Pp 101If this option is omitted, and there is no username 102in the system databases equal to the supplied one (as determined by call to 103.Xr getpwnam 3 ) , 104the authentication will fail. 105.It Cm no_reply_message 106suppress printing of the contents of any 107.Cm Reply-Message 108attributes found in 109.Cm Access-Accept 110and 111.Cm Access-Reject 112responses. 113These are normally conveyed to the user as either informational or 114error messages, depending on whether the access request was accepted 115or rejected. 116.It Cm no_warn 117suppress warning messages to the user. 118These messages include reasons why the user's authentication attempt 119was declined. 120.El 121.Sh FILES 122.Bl -tag -width /etc/radius.conf -compact 123.It Pa /etc/radius.conf 124The standard RADIUS client configuration file for 125.Nm 126.El 127.Sh SEE ALSO 128.Xr passwd 5 , 129.Xr radius.conf 5 , 130.Xr pam 3 131.Sh HISTORY 132The 133.Nm 134module first appeared in 135.Fx 3.1 . 136The 137.Nm 138manual page first appeared in 139.Fx 3.3 . 140.Sh AUTHORS 141.An -nosplit 142The 143.Nm 144manual page was written by 145.An Andrzej Bialecki Aq Mt abial@FreeBSD.org . 146.Pp 147The 148.Nm 149module was written by 150.An John D. Polstra Aq Mt jdp@FreeBSD.org . 151