HP-UX PAM RADIUS A.01.00 Release Notes

If an Access-Challenge message is returned,
HP-UX PAM RADIUS displays the
Access-Challenge message, prompts the user
for a response, and returns success or failure as
appropriate.
The password sent to the next authentication
module is not the response to the challenge. If a
password from a previous authentication module
exists, it is passed to the next authentication
module. Otherwise, no password is sent to the
next module.
conf=<filename>
This option enables configuring a different
filename for the RADIUS server configuration
file. The default configuration file is
/etc/raddb/server. For information on the
syntax of the configuration file, see the
/etc/raddb/server.sample sample
configuration file.
client_id=<clientID>
This option enables configuring a
NAS-Identifier RADIUS attribute with the
<clientID> string instead of the standard PAM
service name (such as login and su). You can
disable this option by using a blank value for
client_id, for example 'client_id='.
retry=<retrycount>
This option allows <retrycount>
authentication attempts before continuing to the
next configured RADIUS server.
ruser
This option uses the value of PAM_RUSER instead
of PAM_USER to determine the user name to
authenticate using RADIUS. This option is valid
only if PAM_USER is root.
localifdown
This option causes HP-UX PAM RADIUS to
return PAM_IGNORE instead of
PAM_AUTHINFO_UNAVAIL if RADIUS
authentication fails because of network
unavailability. PAM_IGNORE causes the PAM
engine to continue down the stack regardless of
the control option used.
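
The effect of localifdown on the authentication result can be seen in a small model of stack evaluation. This is an added example, not HP-UX or HP-UX PAM RADIUS code; it assumes the common required/requisite/sufficient/optional control-flag semantics, and the module labels "radius" and "local" and all function names are hypothetical.

```python
# Added illustration: simplified model of PAM stack evaluation.
# Assumption: the common required/requisite/sufficient/optional semantics,
# with PAM_IGNORE results left uncounted. Not HP-UX source code.
SUCCESS, AUTH_ERR = "PAM_SUCCESS", "PAM_AUTH_ERR"
UNAVAIL, IGNORE = "PAM_AUTHINFO_UNAVAIL", "PAM_IGNORE"

def radius_result(server_reachable, accepted, localifdown):
    """Return code of the RADIUS module as the release notes describe it."""
    if not server_reachable:
        return IGNORE if localifdown else UNAVAIL
    return SUCCESS if accepted else AUTH_ERR

def run_stack(stack):
    """stack: list of (control_flag, label, return_code).
    Returns (final_code, labels_of_modules_consulted)."""
    failure, succeeded, consulted = None, False, []
    for control, label, rc in stack:
        consulted.append(label)
        if rc == IGNORE:
            continue                       # not counted, whatever the flag
        if rc == SUCCESS:
            if control == "sufficient" and failure is None:
                return SUCCESS, consulted  # stop early, nothing failed so far
            succeeded = True
        elif control in ("required", "requisite"):
            failure = failure or rc        # remember the first hard failure
            if control == "requisite":
                return failure, consulted  # stop immediately
        # failures of sufficient/optional modules are not recorded
    if failure:
        return failure, consulted
    return (SUCCESS if succeeded else AUTH_ERR), consulted

def login(control, localifdown, local_ok=True):
    """Constructed scenario: RADIUS server unreachable, local module next."""
    rad = radius_result(server_reachable=False, accepted=False,
                        localifdown=localifdown)
    local = SUCCESS if local_ok else AUTH_ERR
    return run_stack([(control, "radius", rad), ("required", "local", local)])

if __name__ == "__main__":
    for control in ("required", "requisite", "sufficient"):
        for flag in (False, True):
            print(control, "localifdown" if flag else "(default)",
                  login(control, flag))
```

In this model, a required or requisite RADIUS entry with localifdown lets the local module alone decide the result while the server is unreachable, which matters when RADIUS is the only enforcement point for a second factor.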
The following options have been added to support OTP authentication:
recv_authtok=<tokentype>
This option informs the module about the
authentication token that was set as
PAM_AUTHTOK item_type in the PAM handle