Install PAM Radius for use as external authentication

By Malte Sussdorff

OpenACS docs are written by the named authors, and may be edited by OpenACS documentation staff.

This step by step guide is derived from the installation instructions which you can find at yourdomain.com/doc/acs-authentication/ext-auth-pam-install.html. It is build upon PAM 0.77 (tested) and does not work on RedHat Linux Enterprise 3 (using PAM 0.75). It makes use of the ns_pam module written by Mat Kovach. The instructions given in here do work with PAM LDAP accordingly and differences will be shown at the end of the file.

  1. Install ns_pam. Download and install ns_pam

    [root aolserver]# cd /usr/local/src/aolserver/
              [root aolserver]# wget http://braindamage.alal.com/software/ns_pam-0.1.tar.gz
              [root aolserver]# tar xvfz ns_pam-0.1.tar.gz
              [root aolserver]# cd ns_pam-0.1
              [root ns_pam-0.1]# make install INST=/usr/local/aolserver
              [root ns_pam-0.1]#
    cd /usr/local/src/aolserver/
    wget http://braindamage.alal.com/software/ns_pam-0.1.tar.gz
    tar xvfz ns_pam-0.1.tar.gz
    cd ns_pam-0.1
    make install INST=/usr/local/aolserver
    
    
  2. Configure ns_pam. Configure AOLserver for ns_pam

    To enable ns_pam in AOLServer you will first have to edit your config.tcl file and enable the loading of the ns_pam module and configure the aolservers pam configuration file.

    • Change config.tcl. Remove the # in front of ns_param nspam ${bindir}/nspam.so to enable the loading of the ns_pam module.

    • Change config.tcl. Replace pam_domain in the section ns/server/${server}/module/nspam with aolserver

    • Create /etc/pam.d/aolserver.

                    [root ns_pam]#cp /var/lib/aolserver/service0/packages/acs-core-docs/www/files/pam-aolserver.txt /etc/pam.d/aolserver
      
  3. Configure PAM Radius. Configure and install PAM Radius

    You have to make sure that pam_radius v.1.3.16 or higher is installed, otherwise you will have to install it.

    [root ns_pam]# cd /usr/local/src/
              [root src]# wget ftp://ftp.freeradius.org/pub/radius/pam_radius-1.3.16.tar
              [root src]# tar xvf pam_radius-1.3.16
              [root src]# cd pam_radius
              [root pam_radius]# make
              [root pam_radius]# cp pam_radius_auth.so /lib/security/
              [root pam_radius]#
    cd /usr/local/src
    wget ftp://ftp.freeradius.org/pub/radius/pam_radius-1.3.16.tar
    tar xvf pam_radius-1.3.16
    cd pam_radius
    make
    cp pam_radius_auth.so /lib/security/
    
    

    Next you have to add the configuration lines to your Radius configuration file (/etc/rddb/server). For AOLserver to be able to access this information you have to change the access rights to this file as well.

    [root pam_radius]# echo "radius.yourdomain.com:1645 your_radius_password >>/etc/rddb/server
              [root src]# chown service0:web /etc/rddb/server