PAM with Radius

There is no support for RADIUS in AIX PAM, so you have to compile the pam_radius module yourself.

https://supportportal.gemalto.com/csm/sys_attachment.do?sys_id=d538e7741b5cc450f2888739cd4bcb75

Compilation

In a web browser, open the following link to download Pamradius 1.4.0 rpm:

http://ftp.cc.uoc.gr/mirrors/ftp.freeradius.org/

Pam-auth Prerequisites

To enable RADIUS authentication we need to install and configure pam_radius on AIX. The following are the dependencies for pam_radius:

gcc
gcc-c++
gcc-cpp
gettext
gmp
gmp-devel
info
libcommon
libcommon-devel
libgcc
libmpc
libsigsegv
libsigsegv-devel
libstdc++
libstdc++-devel
lzlib
lzlib-devel
m4
mpfr
mpfr-devel
zlib
zlib-devel

Perform the following steps to modify the pam_radius-1.4.0/src/pam_radius_auth.h file.

i. Run the following commands:

cd pam_radius-1.4.0
vi src/pam_radius_auth.h

ii. On line 80, add “#define __sun”, just before #ifndef CONST. There are two underscores before sun and there is a space between define and underscores. After modification, the code will be changed to:

/*
 * Platform specific defines
 */
#define __sun
#ifndef CONST
# if defined(__sun) || defined(__linux__) || defined(__FreeBSD__) || defined(__APPLE__)
/*

iii. Save the file.

d. Run the following commands to configure and compile.

i. bash-4.3# ./configure

ii. bash-4.3# make

e. Run the following command:

gcc -fPIC -c src/pam_radius_auth.c -o pam_radius_auth.o

f. Run the following command:

gcc -shared pam_radius_auth.o md5.o -lpam -lc -o pam_radius_auth.so

Configuration

3. After the compilation is complete, copy the pam_radius_auth.so file to /usr/lib/security/:

cp pam_radius_auth.so /usr/lib/security/

4. Run the following commands to configure the RADIUS server in pam_radius:

mkdir /etc/raddb 
cp pam_radius_auth.conf /etc/raddb/server 
chown root /etc/raddb 
chmod go-rwx /etc/raddb 
chmod go-rwx /etc/raddb/server

5. Add the RADIUS server hostname or IP address in /etc/raddb/server in the following format:

radius_server <secret code> <timeout>

6. Enable SSH for pam_radius authentication using PAM. Add the following lines at the end of /etc/pam.conf to enable ssh to use pam_radius:

#SSHD 
sshd auth required /usr/lib/security/pam_radius_auth.so 
sshd account required /usr/lib/security/pam_aix 
sshd password required /usr/lib/security/pam_aix 
sshd session required /usr/lib/security/pam_aix

7. Modify the /etc/security/login.cfg file. Change “auth_type = STD_AUTH” to “auth_type = PAM_AUTH”.

8. Update the following parameters in /etc/ssh/sshd_config:

PasswordAuthentication no 
PermitEmptyPasswords no 
UsePrivilegeSeparation no 
ChallengeResponseAuthentication yes 
UsePAM yes

9. Run the following command to restart the sshd service:

stopsrc -s sshd ; startsrc -s sshd
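
A read-only check of the result of steps 3 to 8, added here as an example and not part of the original page: it verifies that the module is installed, that /etc/raddb/server (which holds the shared secret) is closed to group and other, and that pam.conf, login.cfg and sshd_config carry the values listed above. The function names and the optional ROOT prefix argument are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: read-only audit of the files changed in steps 3-8.
# The optional ROOT prefix is an assumption of this sketch; it lets the
# checks run against a copy of the tree instead of the live system.
# Usage: audit_pam_radius [ROOT]

fail() { echo "FAIL: $1"; FAILS=$((FAILS + 1)); }

# True when group and other have no permission bits on PATH.
is_private() {
    [ -e "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# True when FILE has an active (uncommented) line matching the ERE.
has_line() {
    [ -f "$1" ] && grep -Eq "^[[:space:]]*$2" "$1"
}

audit_pam_radius() {
    root=${1:-}; FAILS=0; ws='[[:space:]]+'
    [ -f "$root/usr/lib/security/pam_radius_auth.so" ] ||
        fail "pam_radius_auth.so not installed in /usr/lib/security"
    # /etc/raddb/server holds the RADIUS shared secret in clear text.
    for p in /etc/raddb /etc/raddb/server; do
        is_private "$root$p" || fail "$p missing or accessible to group/other"
    done
    has_line "$root/etc/pam.conf" \
        "sshd${ws}auth${ws}required${ws}/usr/lib/security/pam_radius_auth\.so" ||
        fail "pam.conf: sshd auth does not use pam_radius_auth.so"
    has_line "$root/etc/security/login.cfg" \
        "auth_type[[:space:]]*=[[:space:]]*PAM_AUTH" ||
        fail "login.cfg: auth_type is not PAM_AUTH"
    # sshd_config values from step 8; sshd uses the first occurrence of a key.
    while read -r key want; do
        got=$(awk -v k="$key" 'tolower($1) == tolower(k) { print $2; exit }' \
            "$root/etc/ssh/sshd_config" 2>/dev/null || true)
        [ "$got" = "$want" ] || fail "sshd_config: $key is '${got:-unset}', want $want"
    done <<EOF
PasswordAuthentication no
PermitEmptyPasswords no
UsePrivilegeSeparation no
ChallengeResponseAuthentication yes
UsePAM yes
EOF
    [ "$FAILS" -eq 0 ]
}
```

Source the file and call `audit_pam_radius` with no argument on the host after step 9; it prints one FAIL line per deviation and returns non-zero if any check fails.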
aix/user_radius.1645434718.txt.gz · Last modified: 2022/02/21 10:11 by manu