Is it possible to set up RADIUS authentication with PAM for ssh, su and sudo?
Issue
The ssh service can be configured to authenticate through PAM RADIUS, which produces the following log traces:
Secure log during an SSH connection:
May 1 23:08:14 tsfe1 sshd[9060]: subsystem request for sftp
May 1 23:08:22 tsfe1 sshd[9060]: pam_unix(sshd:session): session closed for user root
May 1 23:10:46 tsfe1 sshd[9100]: pam_radius_auth: Got user name root
May 1 23:10:46 tsfe1 sshd[9100]: pam_radius_auth: Sending RADIUS request code 1
May 1 23:10:46 tsfe1 sshd[9100]: pam_radius_auth: Got RADIUS response code 2
May 1 23:10:46 tsfe1 sshd[9100]: pam_radius_auth: authentication succeeded
May 1 23:10:47 tsfe1 sshd[9096]: Accepted keyboard-interactive/pam for root from 10.159.120.48 port 49440 ssh2
May 1 23:10:47 tsfe1 sshd[9096]: pam_unix(sshd:session): session opened for user root by (uid=0)
May 1 23:10:47 tsfe1 sshd[9096]: subsystem request for sftp
May 1 23:10:51 tsfe1 sshd[9096]: pam_unix(sshd:session): session closed for user root
However, attempting the same setup for su and sudo does not work, and the following log trace is obtained:
May 1 23:31:27 tsfe1 su: pam_tally2(su-l:auth): user smsc (20001) tally 39, deny 5
May 1 23:31:29 tsfe1 su: pam_unix(su-l:auth): authentication failure; logname=root uid=21150 euid=0 tty=pts/2 ruser=oracle rhost= user=smsc
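A triage sketch for the two traces above, added here as an example and not taken from the Red Hat article: it groups secure-log lines by program and PAM module, which shows that pam_radius_auth logs only for sshd in these traces, and it reports the pam_tally2 counter that exceeds its deny limit. The function names are hypothetical; the sample lines are copied from the traces above.

```python
import re
from collections import defaultdict

# Subset of the secure-log lines shown above (copied from the page).
SAMPLE = """\
May 1 23:10:46 tsfe1 sshd[9100]: pam_radius_auth: Got user name root
May 1 23:10:46 tsfe1 sshd[9100]: pam_radius_auth: authentication succeeded
May 1 23:10:47 tsfe1 sshd[9096]: pam_unix(sshd:session): session opened for user root by (uid=0)
May 1 23:31:27 tsfe1 su: pam_tally2(su-l:auth): user smsc (20001) tally 39, deny 5
May 1 23:31:29 tsfe1 su: pam_unix(su-l:auth): authentication failure; logname=root uid=21150 euid=0 tty=pts/2 ruser=oracle rhost= user=smsc
"""

# "<Mon> <day> <time> <host> <prog>[pid]: <message>"
LINE = re.compile(r'^\w{3}\s+\d+ [\d:]+ \S+ (?P<prog>[\w-]+)(?:\[\d+\])?: (?P<msg>.*)$')
# "pam_module: ..." or "pam_module(service:type): ..."
PAM = re.compile(r'^(?P<mod>pam_\w+)(?:\([^)]*\))?: ')
TALLY = re.compile(r'user (?P<user>\S+) \(\d+\) tally (?P<tally>\d+), deny (?P<deny>\d+)')

def modules_by_program(text):
    """Map each logging program (sshd, su, ...) to the PAM modules that logged for it."""
    seen = defaultdict(set)
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        p = PAM.match(m.group('msg'))
        if p:
            seen[m.group('prog')].add(p.group('mod'))
    return dict(seen)

def missing_radius(text):
    """Programs with PAM activity but no pam_radius_auth line in the sample."""
    return sorted(prog for prog, mods in modules_by_program(text).items()
                  if 'pam_radius_auth' not in mods)

def tally_over_limit(text):
    """(user, tally, deny) for every pam_tally2 line where tally exceeds deny."""
    hits = []
    for t in TALLY.finditer(text):
        tally, deny = int(t['tally']), int(t['deny'])
        if tally > deny:
            hits.append((t['user'], tally, deny))
    return hits

if __name__ == "__main__":
    print("no pam_radius_auth activity:", missing_radius(SAMPLE))
    print("pam_tally2 over limit:", tally_over_limit(SAMPLE))
```

A program listed by `missing_radius` only means the module logged nothing in the sampled window; confirm against that service's file under /etc/pam.d.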
Environment
- Red Hat Enterprise Linux (RHEL) 5.9
- PAM
- Radius authentication
- su, sudo
Disclaimer: While Red Hat may sometimes provide steps for third party applications, we do not provide direct troubleshooting to those applications.