Index: openacs-4/packages/acs-core-docs/www/install-pam-radius.html =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/install-pam-radius.html,v diff -u -r1.6 -r1.7 --- openacs-4/packages/acs-core-docs/www/install-pam-radius.html 12 Jul 2009 01:08:28 -0000 1.6 +++ openacs-4/packages/acs-core-docs/www/install-pam-radius.html 13 Sep 2009 23:54:40 -0000 1.7 @@ -1,38 +1,38 @@ - -Install PAM Radius for use as external authentication

Install PAM Radius for use as external authentication

By Malte Sussdorff

+ +Install PAM Radius for use as external authentication

Install PAM Radius for use as external authentication

By Malte Sussdorff

OpenACS docs are written by the named authors, and may be edited by OpenACS documentation staff. -

This step by step guide is derived from the installation instructions which you can find at yourdomain.com/doc/acs-authentication/ext-auth-pam-install.html. It is build upon PAM 0.77 (tested) and does not work on RedHat Linux Enterprise 3 (using PAM 0.75). It makes use of the ns_pam module written by Mat Kovach. The instructions given in here do work with PAM LDAP accordingly and differences will be shown at the end of the file.

  1. Install ns_pam. Download and install ns_pam

    [root aolserver]# cd /usr/local/src/aolserver/
    -          [root aolserver]# wget http://braindamage.alal.com/software/ns_pam-0.1.tar.gz
    -          [root aolserver]# tar xvfz ns_pam-0.1.tar.gz
    -          [root aolserver]# cd ns_pam-0.1
    -          [root ns_pam-0.1]# make install INST=/usr/local/aolserver
    +        

This step by step guide is derived from the installation instructions which you can find at yourdomain.com/doc/acs-authentication/ext-auth-pam-install.html. It is build upon PAM 0.77 (tested) and does not work on RedHat Linux Enterprise 3 (using PAM 0.75). It makes use of the ns_pam module written by Mat Kovach. The instructions given in here do work with PAM LDAP accordingly and differences will be shown at the end of the file.

  1. Install ns_pam. Download and install ns_pam

    [root aolserver]# cd /usr/local/src/aolserver/
    +          [root aolserver]# wget http://braindamage.alal.com/software/ns_pam-0.1.tar.gz
    +          [root aolserver]# tar xvfz ns_pam-0.1.tar.gz
    +          [root aolserver]# cd ns_pam-0.1
    +          [root ns_pam-0.1]# make install INST=/usr/local/aolserver
               [root ns_pam-0.1]#
     cd /usr/local/src/aolserver/
     wget http://braindamage.alal.com/software/ns_pam-0.1.tar.gz
     tar xvfz ns_pam-0.1.tar.gz
     cd ns_pam-0.1
     make install INST=/usr/local/aolserver
     
    -          
  2. Configure ns_pam. Configure AOLserver for ns_pam

    To enable ns_pam in AOLServer you will first have to edit your config.tcl file and enable the loading of the ns_pam module and configure the aolservers pam configuration file.

    • +

    • Configure ns_pam. Configure AOLserver for ns_pam

      To enable ns_pam in AOLServer you will first have to edit your config.tcl file and enable the loading of the ns_pam module and configure the aolservers pam configuration file.

      • Change config.tcl. Remove the - # in front of ns_param - nspam ${bindir}/nspam.so to enable the loading + # in front of ns_param + nspam ${bindir}/nspam.so to enable the loading of the ns_pam module. -

      • +

      • Change config.tcl. Replace - pam_domain in the section - ns/server/${server}/module/nspam - with aolserver -

      • Create /etc/pam.d/aolserver. + pam_domain in the section + ns/server/${server}/module/nspam + with aolserver +

      • Create /etc/pam.d/aolserver.

        -              [root ns_pam]#cp /var/lib/aolserver/service0/packages/acs-core-docs/www/files/pam-aolserver.txt /etc/pam.d/aolserver
        -            
    • Configure PAM Radius. Configure and install PAM Radius

      You have to make sure that pam_radius v.1.3.16 or higher is installed, otherwise you will have to install it.

      [root ns_pam]# cd /usr/local/src/
      -          [root src]# wget ftp://ftp.freeradius.org/pub/radius/pam_radius-1.3.16.tar
      -          [root src]# tar xvf pam_radius-1.3.16
      -          [root src]# cd pam_radius
      -          [root pam_radius]# make
      -          [root pam_radius]# cp pam_radius_auth.so /lib/security/
      +              [root ns_pam]#cp /var/lib/aolserver/service0/packages/acs-core-docs/www/files/pam-aolserver.txt /etc/pam.d/aolserver
      +            
  3. Configure PAM Radius. Configure and install PAM Radius

    You have to make sure that pam_radius v.1.3.16 or higher is installed, otherwise you will have to install it.

    [root ns_pam]# cd /usr/local/src/
    +          [root src]# wget ftp://ftp.freeradius.org/pub/radius/pam_radius-1.3.16.tar
    +          [root src]# tar xvf pam_radius-1.3.16
    +          [root src]# cd pam_radius
    +          [root pam_radius]# make
    +          [root pam_radius]# cp pam_radius_auth.so /lib/security/
               [root pam_radius]#
     cd /usr/local/src
     wget ftp://ftp.freeradius.org/pub/radius/pam_radius-1.3.16.tar
    @@ -41,6 +41,6 @@
     make
     cp pam_radius_auth.so /lib/security/
     
    -          

    Next you have to add the configuration lines to your Radius configuration file (/etc/rddb/server). For AOLserver to be able to access this information you have to change the access rights to this file as well.

    [root pam_radius]# echo "radius.yourdomain.com:1645 your_radius_password >>/etc/rddb/server
    -          [root src]# chown service0:web /etc/rddb/server
    +          

    Next you have to add the configuration lines to your Radius configuration file (/etc/rddb/server). For AOLserver to be able to access this information you have to change the access rights to this file as well.

    [root pam_radius]# echo "radius.yourdomain.com:1645 your_radius_password >>/etc/rddb/server
    +          [root src]# chown service0:web /etc/rddb/server
               
View comments on this page at openacs.org