The RADIUS service module for PAM provides authentication services based upon the RADIUS (Remote Authentication Dial In User Service) protocol.
The
pam_radius module accepts these optional parameters:
use_first_pass
causes pam_radius to use a previously entered password instead of prompting for a new one. If no password has been entered then authentication fails.
try_first_pass
causes pam_radius to use a previously entered password, if one is available. If no password has been entered, pam_radius prompts for one as usual.
echo_pass
causes echoing to be left on if pam_radius prompts for a password.
conf=pathname
specifies a non-standard location for the RADIUS client configuration file (normally located in /etc/radius.conf).
nas_id=identifier
specifies a NAS identifier to send instead of the hostname.
template_user=username
specifies a user whose
passwd(5) entry will be used as a template to create the session environment if the supplied username does not exist in the local password database. The user will be authenticated with the supplied username and password, but his credentials to the system will be presented as the ones for
username, i.e., his login class, home directory, resource limits, etc. will be set to ones defined for
username.
If this option is omitted, and there is no username in the system databases equal to the supplied one (as determined by call to
getpwnam(3)), the authentication will fail.
nas_ipaddr[=address]
specifies a NAS IP address to be sent. If option is present, but there is no value provided then IP address corresponding to the current hostname will be used.