Hello Gary, Here is a good URL for future reference: http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam-4.html#ss4.1 I think what you want is something like this in /etc/pam.d/login and I guess /etc/pam.d/sshd: auth [success=done authinfo_unavail=reset auth_err=die user_unknown=die cred_insufficient=die] /lib/security/pam_radius_auth.so This is the first auth line in your config and follow that with the default line like this for the fallback when the network is down: auth required /lib/security/pam_pwdb.so shadow Please let me know if your having success with the pam radius as I am recently having a complete failure on that auth module for some yet to be determined reason....I swear it was working for a few months and now all of a sudden it causes my session to be closed and a --- SIGSEGV (Segmentation fault) --- is the result... Cheers, JP ================================================================== Joseph J. Pyle - Network Consultant _ Internet Solutions @ PYLE.COM "<(o)>" ~ joe@pyle.com - Its in the eye of the beholder ================================================================== >On Mon, 28 May 2001 pam-list-request@redhat.com wrote: >Hello All, >I've configured PAM to use radius for telnet and ssh authentications. >My problem is that the server will now allow a user to logon using both >there radius password and local unix password (they are different) >Ideally, i'd like to do the following :- >if radius returns anything other than "ok" then deny the request. >if the radius server is dead / not responding then try the local unix >passwd. >Is this possible, is there another way to accomplish the same thing. >Thanks for your help. >G.
