[Exim] AUTH with PAM using pam_radius_auth.

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Jonker, Niels
Datum:  
To: 'exim-users@exim.org'
Betreff: [Exim] AUTH with PAM using pam_radius_auth.
In order to make Exim use PAM to Radius under Linux (Redhat 7.1) I used the
pam_radius_auth.so available from freeradius.org (About the only one I could
find that actually worked for Auth). Note that the module does NOT support
all the PAM functions exim wants. Here's what I did to make it work:

- Followed instructions as-is for both the Radius module and exim, except
for making the following change in exim's source code:
- Remove these two lines from src/auths/call_pam.c in auth_call_pam
if (pam_error == PAM_SUCCESS && !pam_conv_had_error)
pam_error = pam_acct_mgmt (pamh, PAM_SILENT);

The correct fix would of course be to fix the pam_radius_auth.so library.
For the rest of the confiig, I pretty much followed C034 sample config. Note
that you need to put a few extralibs in your Local/Makefile, this is
documented in the distribution..

Finally, my /etc/pam.d/exim file is different from the one that is suggested
by pam_radius_auth. It is:

#%PAM-1.0
auth    required        /lib/security/pam_radius_auth.so
account    required        /lib/security/pam_radius_auth.so


Note that Pam still logs 'PAM unable to resolve symbol: pam_sm_acct_mgmt'
because it appears that is not implemented in pam_radius_auth.so, but it
still gets the correct information to and from the Radius server.

Niels,
--
Niels Jonker
VP, System and Network Engineering, Boingo Wireless, inc.
niels@???, 310-586-4290