PAM Support for Cistron-radiusd


0. INTRODUCTION

   PAM support was done by Jeph Blaize. Miguel a.l. Paraz <map@iphil.net>
   ported it to Cistron-Radius. Chris Dent <cdent@kiva.net> added the
   Pam-Auth attribute. It is not complete yet but seems to work
   (for authentication only).

1. USAGE

   Use Auth-Type = Pam in the users file. For backwards compatibility,
   you can also use Password = "PAM" but, like Password = "UNIX", this
   is depreciated.

   You can also use ``Pam-Auth = "somestring"'' to specify an entry in
   /etc/pam.d.  The default is "radius".

   Please look at the file ../redhat/radiusd-pam for a sample PAM
   entry.  This script should be copied to /etc/pam.d/radius

2. NOTES

   Added the following hacks, see CFLAGS in src/Makefile to activate.
   Crude support for PAM authentication (-DPAM), User-Password = "PAM".

   Miguel has made PAM changes to the Cistron radiusd, since he now uses
   it as the basis of many accounting systems. However, according to the
   PAM experts, calling the pam_start function for each user to be
   authenticated is a bad idea. Seems to work for him, though.

   Besides, the Pam-Auth attribute only works if pam_start is called
   everytime anyways ..

3. TODO:

   Real PAM support, figure out how we can write a module that will make
   it blend in with PAM more seamlessly.  With this, we can replace the
   DENY_SHELL with something more flexible such as a database.

4. EXAMPLE:

DEFAULT Auth-Type = Pam,  NAS-IP-Address = 206.97.64.5
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-IP-Address = 255.255.255.254,
	Filter-Id = "std.ppp",
	Framed-MTU = 1500,
	Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT Auth-Type = Pam,  Pam-Auth = "radius2", NAS-IP-Address = 127.0.0.1
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-IP-Address = 255.255.255.254,
	Filter-Id = "std.ppp",
	Framed-MTU = 1500,
	Framed-Compression = Van-Jacobson-TCP-IP