File: pam_radius_auth.conf

libpam-radius-auth 3.0.0-2
#  /etc/pam_radius_auth.conf configuration file.
#
#  For proper security, this file SHOULD have permissions 0600,
#  that is readable by root, and NO ONE else.  If anyone other than
#  root can read this file, then they can spoof responses from the server!
#
#  There are 5 fields per line in this file.  There may be multiple
#  lines.  Blank lines or lines beginning with '#' are treated as
#  comments, and are ignored.  The fields are:
#
#  server[:port] secret [timeout [source_ip [vrf]]]
#
#  The port name or number is optional.  The default port name is
#  "radius", and is looked up from /etc/services.  The timeout field is
#  optional.  The default timeout is 3 seconds.
#  The source_ip field is optional and the default is none.
#  The vrf field is optional and the default is none.
#
#  For IPv6 literal addresses, the address has to be surrounded by
#  square brackets as usual. E.g. [2001:0db8:85a3::4].
#
#  If multiple RADIUS server lines exist, they are tried in order.  The
#  first server to return success or failure causes the module to return
#  success or failure.  Only if a server fails to respond is it skipped,
#  and the next server in turn is used.
#
#  The timeout field controls how many seconds the module waits before
#  deciding that the server has failed to respond.  Timeouts MUST be
#  between 3 and 60 seconds.  If they are outside of this range, the
#  timeouts are clamped to this range.
#
#  The source_ip field can be used to make the library bind the socket
#  that connects to that particular server to a particular IP address.
#  Note: specifying a timeout field is mandatory due to config parsing,
#  but if not needed it can be just set to the default of 3.
#
#  The vrf field can be used on Linux to make the library bind the socket
#  that connects to that particular server to a particular VRF.
#  See: https://www.kernel.org/doc/Documentation/networking/vrf.txt for
#  more information.
#  Note: specifying a source_ip field is mandatory due to config parsing,
#  but if not needed it can be just set to 0.
#
# server[:port]             shared_secret      timeout (s)  source_ip            vrf
127.0.0.1                   secret             3
other-server                other-secret       5            192.168.1.10         vrf-blue
[2001:0db8:85a3::4]:1812    other6-secret      3            [2001:0db8:85a3::3]  vrf-red
other-other-server          other-other-secret 5            0                    vrf-blue
#
# having localhost in your radius configuration is a Good Thing.
#
# See the INSTALL file for pam.conf hints.
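
Added example (not part of the libpam-radius-auth package): a Python audit that applies the rules stated in the comments above, flagging any file mode looser than 0600 and parsing each server line with the documented defaults, IPv6 brackets and the 3 to 60 second timeout clamp. Treating a source_ip of 0 as unset and leaving file ownership unchecked are assumptions of this example; the module's own C parser may differ in details.

```python
import os
import stat
from typing import NamedTuple, Optional

class Server(NamedTuple):
    host: str
    port: str                 # "radius" means: resolve via /etc/services
    secret: str
    timeout: int
    source_ip: Optional[str]
    vrf: Optional[str]

def split_host_port(field: str):
    """Split server[:port]; IPv6 literals must be wrapped in [ ]."""
    if field.startswith("["):
        host, _, rest = field[1:].partition("]")
        return host, rest[1:] if rest.startswith(":") else "radius"
    host, sep, port = field.partition(":")
    return host, port if sep else "radius"

def parse_line(line: str) -> Optional[Server]:
    line = line.strip()
    if not line or line.startswith("#"):
        return None                      # blank lines and comments are ignored
    f = line.split()
    if len(f) < 2:
        raise ValueError(f"missing shared secret: {line!r}")
    host, port = split_host_port(f[0])
    timeout = int(f[2]) if len(f) > 2 else 3      # documented default
    timeout = max(3, min(60, timeout))            # out-of-range values are clamped
    # Assumption: a source_ip of "0" is the documented "not needed" filler.
    src = f[3].strip("[]") if len(f) > 3 and f[3] != "0" else None
    vrf = f[4] if len(f) > 4 else None
    return Server(host, port, f[1], timeout, src, vrf)

def audit(path: str):
    """Return (servers, warnings) for a pam_radius_auth.conf-style file."""
    warnings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:                     # any group/other bit exposes the secret
        warnings.append(f"{path}: mode {mode:04o} exposes the shared secret; use 0600")
    with open(path) as fh:
        servers = [s for s in map(parse_line, fh) if s]
    if not servers:
        warnings.append(f"{path}: no RADIUS servers configured")
    return servers, warnings
```

Run `audit("/etc/pam_radius_auth.conf")` as root; the returned servers are in the order the module tries them.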