rlm_pam

Synopsis

Performs password checking via the Pluggable Authentication Module (PAM) framework.

For Linux, see the (PAM page.

Warning
In many instances, the system PAM libraries have memory leaks! It is strongly suggested that PAM not be used for authentication, owing to those memory leaks.

Processing Sections

authenticate

When listed in the authenticate section, the pam module verifies the User-Password via the PAM framework.

Return codes

invalid The request does not have a User-Name or User-Password attribute.

reject The user failed authentication.

ok The user succeeded in authenticating.

Expansions

None.

Directives

pam_auth
Syntax

pam_auth = string

Default

radiusd

Description

The PAM framework requires a PAM configuration file for each application that uses it. The filename that is searched in the /etc/pam.d/ directory is the name of the application.

The pam_auth directive sets the name that is presented to PAM as the application name.

See radiusd-pam for a sample PAM configuration file.

Note
A Pam-Auth attribute set in the authorize section will over-ride this configuration directive.