Skip to content

Latest commit

 

History

History
49 lines (33 loc) · 1.56 KB

README.md

File metadata and controls

49 lines (33 loc) · 1.56 KB

#pam_radius_auth

Build Status

Configures sshd and sudo PAM modules to use RADIUS for authentication.

##Overview: Installs and configures pam_radius_auth module for PAM to allow sshd and sudo to use RADIUS for authentication. As distributed, this will also fallback to local authentication (using localifdown) should the RADIUS servers be unavailable.

Although the distributed copy only supports Redhat/CentOS and Debian/Ubuntu, this module should work, with minor modifications, on any system that supports PAM:

  1. Add support for your distro/release in init.pp

  2. Add the following line before system-auth:

    auth [success=done new_authtok_reqd=done ignore=ignore default=die] pam_radius_auth.so localifdown
    

This module has been tested on EL5 and EL6, as well as Ubuntu 12.04 LTS.

##Prerequisites: On CentOS, the EPEL repo must be installed and enabled. Information on the EPEL repo is available at: http://fedoraproject.org/wiki/EPEL

##Configuration: Set the default servers, shared secret, and timeout in manifests/init.pp, then include the class for your node(s):

node 'prod.example.com' {
  include pam_radius_auth
}

You may also override the defaults on a per-node basis:

node 'test.example.com' {
  class { "pam_radius_auth":
    pam_radius_servers => [ "192.168.10.80",
                            "192.168.10.90" ],
    pam_radius_secret  => "sekrit",
    pam_radius_timeout => '5',
  }
}