1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
|
This is a simple and safe example on how to enable radius
authentication to the console login on a Debian system and
you are too lazy to read the USAGE documentation.
Edit /etc/pam.d/login
The default looks like:
[SNIP]
# Disallows other than root logins when /etc/nologin exists
# (Replaces the `NOLOGINS_FILE' option from login.defs)
auth requisite pam_nologin.so
# This module parses /etc/environment (the standard for setting
# environ vars) and also allows you to use an extended config
# file /etc/security/pam_env.conf.
# (Replaces the `ENVIRON_FILE' setting from login.defs)
auth required pam_env.so
# Standard Un*x authentication. The "nullok" line allows passwordless
# accounts.
@include common-auth
[SNIP]
Insert the following line:
auth sufficient pam_radius_auth.so
AFTER
auth required pam_env.so
and BEFORE
# Standard Un*x authentication. The "nullok" line allows passwordless
# accounts.
@include common-auth
so that it will looks like:
[SNIP]
# This module parses /etc/environment (the standard for setting
# environ vars) and also allows you to use an extended config
# file /etc/security/pam_env.conf.
# (Replaces the `ENVIRON_FILE' setting from login.defs)
auth required pam_env.so
##### RADIUS #####
auth sufficient pam_radius_auth.so
# Standard Un*x authentication. The "nullok" line allows passwordless
# accounts.
@include common-auth
[SNIP]
Try now to login in one of the consoles using the radius password.
If it fails the system will prompt again for a password. This time
provide the local one.
|
