I have a fc-14 linux and I can telnet into the system with /etc/passwd. After installation of pam-radius, I expect to see radius requests leaving for an external radius server. But I do not see any packets (wireshark is turned on). Here is my setup:
2. installed pam-radius by "yum install pam-radius". pam_radius_auth.so is in /lib/security.
3. in /etc/pam.d/login, I have:
auth sufficient lib/security/pam_radius_auth.so
account required pam_permit.so
session required pam_permit.so
4. in /etc/raddb, file server is created with these contents:
192.168.1.2 mySecret 2
5. On the radius server, necessary configuration is set.
Can someone let me know what other configuration I need so that the system will use pam to authenticate telnet users? Thanks in advance.
Last edited by rosect; 10-20-2011 at 01:29 PM.
Reason: edited question
do you have a /etc/pam.d/telnet file? if so i suggest you try pam_radius_auth.so there
which radius package is it you have installed on fc14? try testing radius auth via the radius auth test tool to make sure radius works as expected. once radius is verified then jump into the integration.
but you do know you posted this in the "security" section so you are probably gonna get a lot of "why are you even using telnet, use ssh".
Last edited by Linux_Kidd; 10-20-2011 at 03:20 PM.
Thank you for your reply, Kidd. Here are my replies:
Kidd's suggestion 1: do you have a /etc/pam.d/telnet file?
My input: I created a /etc/pam.d/telnet. Same result -- no radius requests going out of the system.
Kidd's suggestion 2: which radius package is it you have installed on fc14?
My input: rpm -qa shows: pam_radius-1.3.17-2.fc14.i686.
Kidd's suggestion 3: try testing radius auth via the radius auth test tool
My input: I believe there is no radius setup on the system into which I want to telnet, right?
Kidd's suggestion 4: why are you even using telnet, use ssh.
My input: This is to support a legacy system. Compatibility considerations. SSH will also be implemented.
The problem is that I do not see pam-radius being invoked. Instead, passwd is used. (Yes, I can still telnet in). I also tried /etc/sshd. I still do not see radius requests going out. Please advise. Thank you.
run ldd on your telnetd (or whatever binary is running your telnet service, etc).
example for sshd on my rhel 5.7:
[root@host ~]# ldd /usr/sbin/sshd |grep pam
libpam.so.0 => /lib/libpam.so.0 (0x00420000)
this shows that sshd is linked to the PAM library, hence it's "pam-a-fied".
which telnet package is installed?
please post the wireshark capture filter you are using, and did you select the correct interface to capture on? your capture filter should be "port 1812" or "host 192.168.1.2". what host does wireshark run on?
is there anything in /var/log/messages that might suggest what's going on?
Last edited by Linux_Kidd; 10-21-2011 at 11:34 AM.
Hi, Kidd, I turned on debug and did see error returned by the .so. Basically messages say the .so could not read server IP from config file. Well, I just retyped the IP and that solved the problem! Not sure why the previous IP was "so bad".
I sincerely thank you very much for your advice as to debugging the issue. You have a good weekend.
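An added example, not part of the thread and not pam_radius code: a shell check for a server file in the layout posted above (server, shared secret, timeout; an optional :port suffix on the server is also accepted). It assumes that invisible bytes are one possible cause of a "could not read server IP" symptom that goes away on retyping, and it also flags loose permissions on the file holding the shared secret. The function name check_radius_conf is hypothetical.

```shell
#!/bin/sh
# check_radius_conf FILE  (hypothetical helper, not part of pam_radius)
# Checks a server file in the "server[:port] secret [timeout]" layout.
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_radius_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "$conf: cannot read"; return 1; }

    # The file stores the RADIUS shared secret. Columns 5-10 of the ls
    # mode string are the group/other bits; all should be "-".
    if [ "$(ls -ld -- "$conf" | cut -c5-10)" != "------" ]; then
        echo "$conf: group/other can access the shared secret"
        rc=1
    fi

    LC_ALL=C awk '
        function bad(msg) { printf "line %d: %s\n", NR, msg; err = 1 }
        function ipv4(s,    n, o, i) {
            n = split(s, o, ".")
            if (n != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] == "" || o[i] + 0 > 255) return 0
            return 1
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments, blank lines
        # CR from DOS line endings, NBSP or other pasted bytes are
        # invisible in an editor but become part of a parsed field.
        /[^\t -~]/ { bad("non-printable or non-ASCII byte"); next }
        NF < 2 || NF > 3 { bad("want: server[:port] secret [timeout]"); next }
        {
            host = $1
            sub(/:[0-9]+$/, "", host)
            if (host ~ /^[0-9.]+$/ && !ipv4(host))
                bad("invalid IPv4 address " host)
            if (NF == 3 && $3 !~ /^[0-9]+$/)
                bad("timeout is not a number")
        }
        END { exit err + 0 }
    ' "$conf" || rc=1
    return "$rc"
}
```

Run it as root against the file the module actually reads, for example `check_radius_conf /etc/raddb/server`.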
Lorens, if I understand your question correctly, I believe you are asking how to configure telnet/ssh using PAM-RADIUS.
One variable we have to deal with is the Linux itself. For different flavors, configuration files to be used could be different. I realized this when I was doing an Internet search for solutions. Because I do not know about your Linux (REDHAT or SUSE or something else), I have to use my setup as an example. Mine is Fedora 14, which is RHEL6.
1. Assume you have installed and started telnet service. (telnet is not by-default installed and enabled.)
2. In /etc/pam.d/remote, add the following, if they are not there:
auth sufficient \
account required /lib/security/pam_permit.so
session required /lib/security/pam_permit.so
3. In /etc/sysconfig/pam_radius, add these:
192.168.1.2 radius-shared-secret 2
1. In /etc/pam.d/sshd, add the same lines.
Note: the pam_radius in /etc/sysconfig is what I added.