This shows you the differences between two versions of the page.
| aix:user_radius [2022/02/21 10:04] manu | aix:user_radius [2022/12/06 14:30] (current) manu | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== PAM with Radius ====== | ====== PAM with Radius ====== | ||
| + | |||
| + | Radius is available in standard AIX packages, but only for AIX standard authentification. | ||
| There is no support for RADIUS on AIX PAM. So you have to compile the module | There is no support for RADIUS on AIX PAM. So you have to compile the module | ||
| + | |||
| + | Mobile Pass token in the challenge response mode is configured for authentication | ||
| + | |||
| + | https://supportportal.gemalto.com/csm/sys_attachment.do?sys_id=d538e7741b5cc450f2888739cd4bcb75 | ||
| + | |||
| ===== Compilation ===== | ===== Compilation ===== | ||
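Review bot: the added intro sentence misspells "authentication" as "authentification", and the added Mobile Pass sentence has no closing punctuation and is followed by a bare supportportal.gemalto.com attachment URL with no link text. Suggest fixing the spelling and giving the link a title that names the document, since a sys_attachment URL tells the reader nothing about what it points to if it stops resolving.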
| Line 37: | Line 44: | ||
| i. Run the following commands: | i. Run the following commands: | ||
| + | <cli> | ||
| cd pam_radius-1.4.0 | cd pam_radius-1.4.0 | ||
| vi src/pam_radius_auth.h | vi src/pam_radius_auth.h | ||
| - | ii. On line 80, add “# define __sun”, just before #ifndef CONST There are two underscores before sun and there is a space between define and underscores. | + | </cli> |
| + | |||
| + | ii. On line 80, add "# define __sun", just before | ||
| + | |||
| + | <code> | ||
| + | #ifndef CONST There are two underscores before sun and there is a space between define and underscores. | ||
| + | </code> | ||
| After modification, the code will be changed to: | After modification, the code will be changed to: | ||
| + | <code> | ||
| /************************************************************************* | /************************************************************************* | ||
| * Platform specific defines | * Platform specific defines | ||
| *************************************************************************/ | *************************************************************************/ | ||
| #define __sun #ifndef CONST # if defined(__sun) || defined(__linux__) || defined(__FreeBSD__) || defined(__APPLE__) /* | #define __sun #ifndef CONST # if defined(__sun) || defined(__linux__) || defined(__FreeBSD__) || defined(__APPLE__) /* | ||
| + | </code> | ||
| iii. Save the file. | iii. Save the file. | ||
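Review bot: in step ii the new <code> block holds the directive and the explanatory sentence together ("#ifndef CONST There are two underscores before sun ..."), so the prose now renders as code. Keep only "#ifndef CONST" in the block and move the sentence about the two underscores and the space back into the step text. The "After modification" block also shows "#define __sun #ifndef CONST # if defined(__sun) ..." on a single line and writes "#define" where step ii says "# define"; preprocessor directives need one line each, so the block should show them on separate lines, in the exact form the reader is expected to end up with.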
| Line 56: | Line 72: | ||
| e. Run the following command: | e. Run the following command: | ||
| + | <cli> | ||
| gcc -fPIC -c src/pam_radius_auth.c -o pam_radius_auth.o | gcc -fPIC -c src/pam_radius_auth.c -o pam_radius_auth.o | ||
| + | </cli> | ||
| f. Run the following command: | f. Run the following command: | ||
| - | gcc -shared pam_radius_auth.o md5.o -lpam -lc -o pam_radius_auth.sos | + | <cli> |
| + | gcc -shared pam_radius_auth.o md5.o -lpam -lc -o pam_radius_auth.so | ||
| + | </cli> | ||
| ===== Configuration ===== | ===== Configuration ===== | ||
| 3. After the compilation is complete, | 3. After the compilation is complete, | ||
| + | <code> | ||
| copy the pam_radius_auth.so file to /usr/lib/security/ cp | copy the pam_radius_auth.so file to /usr/lib/security/ cp | ||
| pam_radius_auth.so /usr/lib/security/ | pam_radius_auth.so /usr/lib/security/ | ||
| + | </code> | ||
| + | |||
| 4. Run the following commands to configuring the RADIUS server in pam_radius: | 4. Run the following commands to configuring the RADIUS server in pam_radius: | ||
| + | <cli> | ||
| mkdir /etc/raddb | mkdir /etc/raddb | ||
| cp pam_radius_auth.conf /etc/raddb/server | cp pam_radius_auth.conf /etc/raddb/server | ||
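Review bot: step 3 wraps its instruction and its command in one <code> block ("copy the pam_radius_auth.so file to /usr/lib/security/ cp" followed by "pam_radius_auth.so /usr/lib/security/"), which splits the cp command across two lines. Move the sentence out and leave "cp pam_radius_auth.so /usr/lib/security/" alone in a <cli> block like the other steps. Because this module ends up in the sshd auth stack configured further down, the step should also state the expected owner and mode of the installed file; the visible lines only copy it. Step 4 reads "to configuring" and should read "to configure".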
| Line 74: | Line 95: | ||
| chmod go-rwx /etc/raddb | chmod go-rwx /etc/raddb | ||
| chmod go-rwx /etc/raddb/server | chmod go-rwx /etc/raddb/server | ||
| + | </cli> | ||
| 5. Add the RADIUS server hostname or IP Address in /etc/raddb/server in following format: | 5. Add the RADIUS server hostname or IP Address in /etc/raddb/server in following format: | ||
| + | <cli> | ||
| radius_server <secret code> <timemout> | radius_server <secret code> <timemout> | ||
| + | </cli> | ||
| + | | ||
| 6. Enable SSH for pam_radius authentication using PAM. Add the following lines at the end of /etc/pam.conf to enable ssh to use pam_radius: | 6. Enable SSH for pam_radius authentication using PAM. Add the following lines at the end of /etc/pam.conf to enable ssh to use pam_radius: | ||
| + | <cli> | ||
| #SSHD | #SSHD | ||
| sshd auth required /usr/lib/security/pam_radius_auth.so | sshd auth required /usr/lib/security/pam_radius_auth.so | ||
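Review bot: the format line in step 5 spells the placeholder "<timemout>"; it should be "<timeout>", and "in following format" should be "in the following format". The step could also say that "<secret code>" is the RADIUS shared secret, which is what the chmod go-rwx lines above are protecting. The sshd auth line marks pam_radius_auth.so as "required", so the page should tell the reader that SSH logins then depend on the RADIUS server answering.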
| Line 82: | Line 108: | ||
| sshd password required /usr/lib/security/pam_aix | sshd password required /usr/lib/security/pam_aix | ||
| sshd session required /usr/lib/security/pam_aix | sshd session required /usr/lib/security/pam_aix | ||
| + | </cli> | ||
| + | |||
| 7. Modify the /etc/security/login.cfg file. Change “auth_type = STD_AUTH” to “auth_type = PAM_AUTH”. | 7. Modify the /etc/security/login.cfg file. Change “auth_type = STD_AUTH” to “auth_type = PAM_AUTH”. | ||
| 8. Update the following parameter in /etc/ssh/sshd_config: | 8. Update the following parameter in /etc/ssh/sshd_config: | ||
| + | <cli> | ||
| PasswordAuthentication no | PasswordAuthentication no | ||
| PermitEmptyPasswords no | PermitEmptyPasswords no | ||
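Review bot: step 7 gives the login.cfg values in typographic quotes (“auth_type = STD_AUTH”), unlike the <cli> blocks added around it, and steps 7 and 8 run together with no blank line between them. Put the two auth_type values in monospace and separate the steps. Step 7 should also say that auth_type is not an sshd-only setting: switching it to PAM_AUTH changes how other PAM-enabled services on the host authenticate, while the /etc/pam.conf lines shown here cover only sshd.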
| Line 90: | Line 119: | ||
| ChallengeResponseAuthentication yes | ChallengeResponseAuthentication yes | ||
| UsePAM yes | UsePAM yes | ||
| + | </cli> | ||
| 9. Run the following command to restart the sshd service: | 9. Run the following command to restart the sshd service: | ||
| + | <cli> | ||
| stopsrc -s sshd ; startsrc -s sshd | stopsrc -s sshd ; startsrc -s sshd | ||
| + | </cli> | ||
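Review bot: step 9 restarts sshd with "stopsrc -s sshd ; startsrc -s sshd" and the page ends there, with no verification step. Add a line telling the reader to keep the current session open and confirm that a new SSH login works through RADIUS before closing it, because an error in /etc/pam.conf or sshd_config would otherwise cut off remote access.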