i requested to be removed from this list. anyone know how i can do that so it works? i even got an unsubscribe confirmation......hhhhmmmmm thanks. ----- Original Message ----- From: "Steve Langasek" <vorlon@netexpress.net> To: "The Big Guy" <HotShit@RingBurn.com> Cc: <pam-list@redhat.com> Sent: Tuesday, October 31, 2000 6:51 PM Subject: Re: PPP + RADIUS authentication using PAM > On Wed, 1 Nov 2000, The Big Guy wrote: > > >> How do you see PAM being useful in your configuration? It's possible that > >> PAM may be useful at some stage of this process, but I don't see where. > > > PAM's useful in this area when you consider that you've got PHP, MySQL, > > Apache, Squid and PPPd all configured for PAM, and then you want to cast the > > box "out there" somewhere. It leaves ample room for all applications to be > > configured against the same authing mechanism with minimal effort - this is > > particularly relevant when the box could change authentication (Ie; from > > Radius to Tacacs .. or worse case - to NT's SMB auth). > > The problem here is that the poster explicitly stated this needed to work with > PPP CHAP authentication. That means that it WON'T work with pam_pwdb, > pam_unix, pam_kerberos, pam_ntdom, pam_userdb, or any other PAM module that > backends onto a user database where passwords are stored in encrypted form. I > would be surprised if pam_ldap worked at all, and pam_radius_auth will only > work if talking to a Radius server that supports CHAP -- which rules out most > of the Radius servers that run under Unix. And that pretty much takes me to > the end of the list of PAM authentication modules that I can think of. Unless > you have PHP, MySQL, Apache, Squid, and pppd all configured for PAM and using > a module /other/ than the above, one which uses a cleartext password database, > then you don't gain any interoperability at all by introducing PAM into the > above equation. > > Steve Langasek > postmodern programmer > > > > _______________________________________________ > > Pam-list@redhat.com > https://listman.redhat.com/mailman/listinfo/pam-list
