Is it possible to set Radius authentication with PAM for ssh, su and sudo
Issue
It is possible to set the ssh service with PAM Radius, which gives the following log traces :
secure log while doing SSH connection
May 1 23:08:14 tsfe1 sshd[9060]: subsystem request for sftp
May 1 23:08:22 tsfe1 sshd[9060]: pam_unix(sshd:session): session closed for user root
May 1 23:10:46 tsfe1 sshd[9100]: pam_radius_auth: Got user name root
May 1 23:10:46 tsfe1 sshd[9100]: pam_radius_auth: Sending RADIUS request code 1
May 1 23:10:46 tsfe1 sshd[9100]: pam_radius_auth: Got RADIUS response code 2
May 1 23:10:46 tsfe1 sshd[9100]: pam_radius_auth: authentication succeeded
May 1 23:10:47 tsfe1 sshd[9096]: Accepted keyboard-interactive/pam for root from 10.159.120.48 port 49440 ssh2
May 1 23:10:47 tsfe1 sshd[9096]: pam_unix(sshd:session): session opened for user root by (uid=0)
May 1 23:10:47 tsfe1 sshd[9096]: subsystem request for sftp
May 1 23:10:51 tsfe1 sshd[9096]: pam_unix(sshd:session): session closed for user root
But when trying to set su and sudo, this does not work, and the following log trace is obtained :
May 1 23:31:27 tsfe1 su: pam_tally2(su-l:auth): user smsc (20001) tally 39, deny 5
May 1 23:31:29 tsfe1 su: pam_unix(su-l:auth): authentication failure; logname=root uid=21150 euid=0 tty=pts/2 ruser=oracle rhost= user=smsc
Environment
- Red Hat Entreprise Linux (RHEL) 5.9
- PAM
- Radius authentication
- su, sudo
Disclaimer: While Red Hat may sometimes provide steps for third party applications, we do not provide direct troubleshooting to those applications.
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Close
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.