启用common-auth(包括pam_unix.so),并将“required”更改为“足够”.
auth sufficient pam_radius_auth.so
@include common-auth
(2016/05/03 JST)“后备”设置
auth [success=done default=bad authinfo_unavail=bad ignore=ignore] pam_radius_auth.so localifdown
@include common-auth
pam_radius_auth的结果在以下各种情况下:
| correct password (in Radius) | wrong (or UNIX) password
-----------------------+--------------------------------------+-------------------------
Radius Server is alive | PAM_SUCCESS | PAM_AUTHINFO_UNAVAIL
-----------------------+--------------------------------------+-------------------------
Radius Server is dead | PAM_IGNORE (with localifdown option)
-----------------------+--------------------------------------+-------------------------
结果是:
PAM_SUCCESS => done (Login success)
PAM_AUTHINFO_UNAVAIL => bad (Login failure)
PAM_IGNORE => ignore (continue to "common-auth")
有一张纸条.如果pam_radius_auth.conf中的超时值太小,则会在从Radius服务器收到“访问拒绝”之前确定“Radius服务器已死”.