pam | FreeRADIUS Documentation

rlm_pam

Synopsis

Performs password checking via the Pluggable Authentication Module (PAM) framework.

For Linux, see the (PAM page.

Warning

In many instances, the system PAM libraries have memory leaks! It is strongly suggested that PAM not be used for authentication, owing to those memory leaks.

Default configuration

Processing Sections

authenticate

When listed in the authenticate section, the pam module verifies the User-Password via the PAM framework.

Return codes: invalid The request does not have a User-Name or User-Password attribute.
: reject The user failed authentication.
: ok The user succeeded in authenticating.

Expansions

None.

Directives

pam_auth

Syntax: pam_auth = string
Default: radiusd
Description: The PAM framework requires a PAM configuration file for each application that uses it. The filename that is searched in the /etc/pam.d/ directory is the name of the application.
: The pam_auth directive sets the name that is presented to PAM as the application name.
: See radiusd-pam for a sample PAM configuration file.

Note	A `Pam-Auth` attribute set in the `authorize` section will over-ride this configuration directive.