mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-13 05:41:26 +01:00
149 lines
4.7 KiB
Groff
149 lines
4.7 KiB
Groff
.\"-
|
|
.\" Copyright (c) 1992, 1993, 1994
|
|
.\" The Regents of the University of California. All rights reserved.
|
|
.\" Copyright (c) 1999 Andrzej Bialecki <abial@FreeBSD.org>
|
|
.\" All rights reserved.
|
|
.\" Copyright (c) 2018 The University of Oslo
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" This code is derived from software donated to Berkeley by
|
|
.\" Jan-Simon Pendry.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\" 3. Neither the name of the University nor the names of its contributors
|
|
.\" may be used to endorse or promote products derived from this software
|
|
.\" without specific prior written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.Dd May 16, 2018
|
|
.Dt PAM_RADIUS 8
|
|
.Os
|
|
.Sh NAME
|
|
.Nm pam_radius
|
|
.Nd RADIUS authentication PAM module
|
|
.Sh SYNOPSIS
|
|
.Op Ar service-name
|
|
.Ar module-type
|
|
.Ar control-flag
|
|
.Pa pam_radius
|
|
.Op Ar options
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Nm
|
|
module provides authentication services based
|
|
upon the RADIUS (Remote Authentication Dial In User Service) protocol
|
|
for the PAM (Pluggable Authentication Module) framework.
|
|
.Pp
|
|
The
|
|
.Nm
|
|
module accepts these optional parameters:
|
|
.Bl -tag -width Fl
|
|
.It Cm use_first_pass
|
|
causes
|
|
.Nm
|
|
to use a previously entered password instead of prompting for a new one.
|
|
If no password has been entered then authentication fails.
|
|
.It Cm try_first_pass
|
|
causes
|
|
.Nm
|
|
to use a previously entered password, if one is available.
|
|
If no
|
|
password has been entered,
|
|
.Nm
|
|
prompts for one as usual.
|
|
.It Cm echo_pass
|
|
causes echoing to be left on if
|
|
.Nm
|
|
prompts for a password.
|
|
.It Cm conf Ns = Ns Ar pathname
|
|
specifies a non-standard location for the RADIUS client configuration file
|
|
(normally located in
|
|
.Pa /etc/radius.conf ) .
|
|
.It Cm nas_id Ns = Ns Ar identifier
|
|
specifies a NAS identifier to send instead of the hostname.
|
|
.It Cm nas_ipaddr Ns Op No = Ns Ar address
|
|
specifies a NAS IP address to be sent.
|
|
If option is present, but there is no value provided then IP address
|
|
corresponding to the current hostname will be used.
|
|
.It Cm template_user Ns = Ns Ar username
|
|
specifies a user whose
|
|
.Xr passwd 5
|
|
entry will be used as a template to create the session environment
|
|
if the supplied username does not exist in local password database.
|
|
The user
|
|
will be authenticated with the supplied username and password, but his
|
|
credentials to the system will be presented as the ones for
|
|
.Ar username ,
|
|
i.e., his login class, home directory, resource limits, etc.\& will be set to ones
|
|
defined for
|
|
.Ar username .
|
|
.Pp
|
|
If this option is omitted, and there is no username
|
|
in the system databases equal to the supplied one (as determined by call to
|
|
.Xr getpwnam 3 ) ,
|
|
the authentication will fail.
|
|
.It Cm no_reply_message
|
|
suppress printing of the contents of any
|
|
.Cm Reply-Message
|
|
attributes found in
|
|
.Cm Access-Accept
|
|
and
|
|
.Cm Access-Reject
|
|
responses.
|
|
These are normally conveyed to the user as either informational or
|
|
error messages, depending on whether the access request was accepted
|
|
or rejected.
|
|
.It Cm no_warn
|
|
suppress warning messages to the user.
|
|
These messages include reasons why the user's authentication attempt
|
|
was declined.
|
|
.El
|
|
.Sh FILES
|
|
.Bl -tag -width /etc/radius.conf -compact
|
|
.It Pa /etc/radius.conf
|
|
The standard RADIUS client configuration file for
|
|
.Nm
|
|
.El
|
|
.Sh SEE ALSO
|
|
.Xr passwd 5 ,
|
|
.Xr radius.conf 5 ,
|
|
.Xr pam 3
|
|
.Sh HISTORY
|
|
The
|
|
.Nm
|
|
module first appeared in
|
|
.Fx 3.1 .
|
|
The
|
|
.Nm
|
|
manual page first appeared in
|
|
.Fx 3.3 .
|
|
.Sh AUTHORS
|
|
.An -nosplit
|
|
The
|
|
.Nm
|
|
manual page was written by
|
|
.An Andrzej Bialecki Aq Mt abial@FreeBSD.org .
|
|
.Pp
|
|
The
|
|
.Nm
|
|
module was written by
|
|
.An John D. Polstra Aq Mt jdp@FreeBSD.org .
|