pam_radius(8) manual page

The pam_radius module provides authentication services based upon the RADIUS (Remote Authentication Dial In User Service) protocol for the PAM (Pluggable Authentication Module) framework.

The pam_radius module accepts these optional parameters:

use_first_pass

causes pam_radius to use a previously entered password instead of prompting for a new one. If no password has been entered then authentication fails.

try_first_pass

causes pam_radius to use a previously entered password, if one is available. If no password has been entered, pam_radius prompts for one as usual.

echo_pass

causes echoing to be left on if pam_radius prompts for a password.

conf=pathname

specifies a non-standard location for the RADIUS client configuration file (normally located in /etc/radius.conf).

nas_id=identifier

specifies a NAS identifier to send instead of the hostname.

nas_ipaddr[=address]

specifies a NAS IP address to be sent. If option is present, but there is no value provided then IP address corresponding to the current hostname will be used.

template_user=username

specifies a user whose passwd(5) entry will be used as a template to create the session environment if the supplied username does not exist in local password database. The user will be authenticated with the supplied username and password, but his credentials to the system will be presented as the ones for username, i.e., his login class, home directory, resource limits, etc.amp; will be set to ones defined for username.
If this option is omitted, and there is no username in the system databases equal to the supplied one (as determined by call to getpwnam(3)), the authentication will fail.

no_reply_message

suppress printing of the contents of any Reply-Message attributes found in Access-Accept and Access-Reject responses. These are normally conveyed to the user as either informational or error messages, depending on whether the access request was accepted or rejected.

no_warn

suppress warning messages to the user. These messages include reasons why the user's authentication attempt was declined.

“	One of the advantages of using UNIX to teach an operating systems course is the sources and documentation will easily fit into a student's briefcase.	”
— John Lions

Manual Pages — PAM_RADIUS

NAME

CONTENTS

SYNOPSIS

DESCRIPTION

FILES

SEE ALSO

HISTORY

AUTHORS

use_first_pass
	causes pam_radius to use a previously entered password instead of prompting for a new one. If no password has been entered then authentication fails.
try_first_pass
	causes pam_radius to use a previously entered password, if one is available. If no password has been entered, pam_radius prompts for one as usual.
echo_pass
	causes echoing to be left on if pam_radius prompts for a password.
conf=pathname
	specifies a non-standard location for the RADIUS client configuration file (normally located in `/etc/radius.conf`).
nas_id=identifier
	specifies a NAS identifier to send instead of the hostname.
nas_ipaddr[=address]
	specifies a NAS IP address to be sent. If option is present, but there is no value provided then IP address corresponding to the current hostname will be used.
template_user=username
	specifies a user whose passwd(5) entry will be used as a template to create the session environment if the supplied username does not exist in local password database. The user will be authenticated with the supplied username and password, but his credentials to the system will be presented as the ones for username, i.e., his login class, home directory, resource limits, etc.amp; will be set to ones defined for username. If this option is omitted, and there is no username in the system databases equal to the supplied one (as determined by call to getpwnam(3)), the authentication will fail.
no_reply_message
	suppress printing of the contents of any Reply-Message attributes found in Access-Accept and Access-Reject responses. These are normally conveyed to the user as either informational or error messages, depending on whether the access request was accepted or rejected.
no_warn
	suppress warning messages to the user. These messages include reasons why the user's authentication attempt was declined.

`/etc/radius.conf`
	The standard RADIUS client configuration file for pam_radius