Differences

This shows you the differences between two versions of the page.

--- aix:user_radius [2022/02/21 09:27]
manu created
+++ aix:user_radius [2022/12/06 14:30] (current)
manu
@@ Line 1: / Line 1: @@
 ====== PAM with Radius ======
+Radius is available in standard AIX packages, but only for AIX standard authentification.
 There is no support for RADIUS on AIX PAM. So you have to compile the module
+Mobile Pass token in the challenge response mode is configured for authentication
+https://supportportal.gemalto.com/csm/sys_attachment.do?sys_id=d538e7741b5cc450f2888739cd4bcb75
+===== Compilation =====
+In a web browser, open the following link to download Pamradius 1.4.0 rpm:
+  http://ftp.cc.uoc.gr/mirrors/ftp.freeradius.org/
+==== Pam-auth Prerequisites ====
+To enable radius authentication we need to install and configure pam_radius on AIX. Following are the dependencies for pam_radius:
+  gcc
+  gcc-c++
+  gcc-cpp
+  gettext
+  gmp
+  gmp-devel
+  info
+  libcommon
+  libcommon-devel
+  libgcc
+  libmpc
+  libisgsegv
+  libsigsegv-devel
+  libstdc++
+  libstdc++-devel
+  lzlib
+  lzlib-devel
+  m4
+  mpfr
+  mpfr-devel
+  zlib
+  zlib-devel
+Perform the following steps to modify the pam_radius-1.4.0/src/pam_radius_auth.h file.
+i. Run the following commands:
+<cli>
+  cd pam_radius-1.4.0
+  vi src/pam_radius_auth.h
+</cli>
+ii. On line 80, add "# define __sun", just before
+<code>
+  #ifndef CONST There are two underscores before sun and there is a space between define and underscores.
+</code>
+After modification, the code will be changed to:
+<code>
+  /*************************************************************************
+  * Platform specific defines
+  *************************************************************************/
+  #define __sun #ifndef CONST # if defined(__sun) || defined(__linux__) || defined(__FreeBSD__) || defined(__APPLE__) /*
+</code>
+iii. Save the file.
+d. Run the following commands to configure and compile.
+i. bash-4.3# ./configure
+ii. bash-4.3# make
+e. Run the following command:
+<cli>
+  gcc -fPIC -c src/pam_radius_auth.c -o pam_radius_auth.o
+</cli>
+f. Run the following command:
+<cli>
+  gcc -shared pam_radius_auth.o md5.o -lpam -lc -o pam_radius_auth.so
+</cli>
+===== Configuration =====
+. After the compilation is complete,
+<code>
+  copy the pam_radius_auth.so file to /usr/lib/security/ cp
+  pam_radius_auth.so /usr/lib/security/
+</code>
+. Run the following commands to configuring the RADIUS server in pam_radius:
+<cli>
+  mkdir /etc/raddb
+  cp pam_radius_auth.conf /etc/raddb/server
+  chown root /etc/raddb
+  chmod go-rwx /etc/raddb
+  chmod go-rwx /etc/raddb/server
+</cli>
+. Add the RADIUS server hostname or IP Address in /etc/raddb/server in following format:
+<cli>
+  radius_server <secret code> <timemout>
+</cli>
+. Enable SSH for pam_radius authentication using PAM. Add the following lines at the end of /etc/pam.conf to enable ssh to use pam_radius:
+<cli>
+  #SSHD
+  sshd auth required /usr/lib/security/pam_radius_auth.so
+  sshd account required /usr/lib/security/pam_aix
+  sshd password required /usr/lib/security/pam_aix
+  sshd session required /usr/lib/security/pam_aix
+</cli>
+. Modify the /etc/security/login.cfg file. Change “auth_type = STD_AUTH” to “auth_type = PAM_AUTH”.
+. Update the following parameter in /etc/ssh/sshd_config:
+<cli>
+  PasswordAuthentication no
+  PermitEmptyPasswords no
+  UsePrivilegeSeparation no
+  ChallengeResponseAuthentication yes
+  UsePAM yes
+</cli>
+. Run the following command to restart the sshd service:
+<cli>
+  stopsrc -s sshd ; startsrc -s sshd
+</cli>

wiki

User Tools

Site Tools

Differences

Page Tools