On Mon, 30 Oct 2000, Ganesh, Sangeetha (Sangeetha)** CTR ** wrote: > Hi, > The paragraph below will give you an idea as to what i am trying to > implement: > Environment:- > OS: RedHat Linux 6.2 > Description:- > The requirement is to setup a PPP server on Linux to handle both dial-in and > dial-out connections. Firstly it should be able to do CHAP authentication > at the Data Link Layer level.Secondly I also need the Linux server to have a > Radius client that can authenticate users against a RADIUS server. This > should happen in the sequence , i.e, CHAP first and then RADIUS > authentication. > My question here is can i do all of the above with Linux PAM?? > I tried using Portslave(a Radius client) but am facing some problems because > of some known bugs and issues associated with Portslave. If CHAP is a requirement, you're much better off not using PAM for authentication. CHAP requires that passwords be stored in plaintext on the server, and there are few (if any) PAM modules that are designed to work with this scenario. Certainly, using PAM won't let you authenticate against /etc/passwd. CHAP really calls for a private password database, and most of the radius server software available already supports this directly. How do you see PAM being useful in your configuration? It's possible that PAM may be useful at some stage of this process, but I don't see where. Steve Langasek postmodern programmer
