openssh with radius server unreachable

Pascal Henri pascal.henri at alcatel.fr
Fri Nov 10 00:30:18 EST 2006


  Hello,

I think to have find a small pb with openssh when a Radius server is 
unreachable.
I use radius authentication with pam my system-auth is the following

auth [success=done auth_err=die default=ignore] 
/lib/security/pam_radius_auth.so try_first_pass debug
auth [success=ignore auth_err=ignore default=ignore] pam_nologin.so 
file=/etc/raddb/radiusfailure
auth        required    /lib/security/pam_unix.so likeauth nullok md5 shadow
auth        required    /lib/security/pam_tally.so deny=2 per_user 
no_magic_root even_deny_root_account
account     required    /lib/security/pam_unix.so
account     required    /lib/security/pam_tally.so reset no_magic_root
password    required    /lib/security/pam_cracklib.so retry=3
password    sufficient  /lib/security/pam_unix.so nullok use_authtok md5 
shadow
password    required    /lib/security/pam_deny.so
session     required    /lib/security/pam_unix.so

when radius server is unreachable, we display contents of file 
radiusfailure "RADIUS servers are unreachable, need local password.".
with telnet this contents is display on client between each 
authentication try but not when i use ssh client.
With ssh, i have the following sequence

debug1: Doing password authentication.
pascal at clin5207's password:
Permission denied, please try again.
pascal at clin5207's password:
Permission denied, please try again.
pascal at clin5207's password:
Permission denied.

I have no indication that radius server is not reachable. Is it possible 
to fix the problem ?
-- 

-------------------------
Pascal h.



-------------------------


More information about the openssh-unix-dev mailing list