Pluggable Authentication Modules
supports RADIUS, TACACS+ and
(Pluggable Authentication Modules). PAM is a flexible mechanism for authenticating
number of new ways of authenticating users
have become popular. The challenge
it requires all the necess
ary programs (login, ftpd
PAM provides a way to develop programs that are independent of authentication scheme
programs need "authentication modules" to be attached
time in order to work. Which
authentication module is to be attached is dependent upon the local system setup and is at the
family supports PAM to which we have added
http://www.freeradius.org/pam_radius_auth/
ttp://echelon.pl/pubs/pam_tacplus.html
http://www.padl.com/OSS/pam_ldap.html
Further modules can be added as required.
Changes may be made to files in /etc/config/pam.
d/ which will persist, even if the authentication
When a user attempts to log in, but does not already have an account on t
new user account will be created. This account will
They will not appear in t
Automatically added accounts will not be able to log in if the remote
users are currently assumed to have
access to all resources, so will only be au
ed each time they access a new
Admin rights granted over AAA
Users may be granted Administrator rights via networked AAA.
For RADIUS, administrators are indicated via the Framed Filter
See the example configuration files below
ation via TACACS for both serial ports and host access
Permission to access resources may be granted via TAC
or networked host the user may access.
See the example configuration files below
Comments to this Manuals