FreeRADIUS / pam_radius

This is the PAM to RADIUS authentication module. It allows any Linux, OSX or Solaris machine to become a RADIUS client for authentication and password change requests.
GNU General Public License v2.0

Change port for pam account radius request #77

Closed sylvaing35 closed 1 year ago

sylvaing35 commented 1 year ago

Hello,

I am using PAM_radius for session mode with this configuration in /etc/pam.d/sshd:

# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    include      password-auth
session    include      postlogin
session    required     pam_radius_auth.so debug skip_passwd prompt_attribute

And I have set up /etc/raddb/server like this:

#Server                 Secret      Timeout
Radius_IP:1812    mysecret    20

My PAM request is still using port 1813. I think it's because it's an Accounting-Request and not an Access-Request.

I don't want to change my /etc/services default port for radius-acct:

radius          1812/tcp                        # Radius
radius          1812/udp                        # Radius
radius-acct     1813/tcp        radacct         # Radius Accounting
radius-acct     1813/udp        radacct         # Radius Accounting

Is there a way to change this port by using pam_radius configuration?

Regards, ROBERT Sylvain

jpereira commented 1 year ago

@sylvaing35 The latest pam_radius source code by default uses /etc/pam_radius_auth.conf as the config file. Therefore, it's possible to use another file using the conf=/path/file for example here

alandekok commented 1 year ago

RADIUS uses port 1812 for authentication, and port 1813 for accounting.

When you configure a server:port in the pam_auth_radius.conf file, it assumes that the port is for authentication, and the accounting is port + 1.

If you want to change that, then you can edit the configuration file. Or, edit the source code to add a different configuration option for the accounting port.

The module cannot send both Access-Request and Accounting-Request packets to the same port. Fixing that will require changing the source code.

Or as Jorge said, use a different configuration file for a particular use-case.
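The port rule discussed in this thread, as an added example that is not pam_radius code or part of any comment above: it parses `server[:port] secret [timeout]` lines and reports where Access-Request and Accounting-Request packets would go, treating a configured port as the authentication port and sending accounting to the next port up (which is why 1812 in the file produced traffic on 1813). The function names and the second sample line are hypothetical; it assumes whitespace-separated fields and hostname or IPv4 servers only.

```python
# Added example, not pam_radius code. Assumes whitespace-separated fields,
# hostname or IPv4 servers, and that a numeric port means "auth port".
DEFAULT_AUTH, DEFAULT_ACCT = 1812, 1813  # radius / radius-acct in /etc/services

def parse_servers(text):
    """Return one dict per 'server[:port] secret [timeout]' line."""
    servers = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            raise ValueError(f"line {lineno}: expected 'server secret [timeout]'")
        host, sep, port = fields[0].rpartition(":")
        if not sep:  # no port given: fall back to the services defaults
            host, auth, acct = fields[0], DEFAULT_AUTH, DEFAULT_ACCT
        elif port.isdigit() and 0 < int(port) < 65535:
            auth = int(port)
            acct = auth + 1  # accounting goes to configured port + 1
        else:
            raise ValueError(f"line {lineno}: bad port {port!r}")
        timeout = int(fields[2]) if len(fields) > 2 else None
        servers.append({"host": host, "auth_port": auth,
                        "acct_port": acct, "timeout": timeout})
    return servers

def line_for_acct_port(host, secret, acct_port, timeout=None):
    """Build a server line whose Accounting-Requests land on acct_port."""
    if not 1 < acct_port <= 65535:
        raise ValueError("accounting port must be 2..65535")
    line = f"{host}:{acct_port - 1} {secret}"
    return f"{line} {timeout}" if timeout is not None else line

# Constructed sample: first two lines are from the question, the last is made up.
SAMPLE = """\
#Server                 Secret      Timeout
Radius_IP:1812    mysecret    20
radius2.example.net   othersecret
"""

if __name__ == "__main__":
    for s in parse_servers(SAMPLE):
        print(f"{s['host']}: Access-Request -> {s['auth_port']}, "
              f"Accounting-Request -> {s['acct_port']}")
    # Line for a session-only file (passed with conf=) so accounting uses 1812.
    print(line_for_acct_port("Radius_IP", "mysecret", 1812, 20))
```

A line built by `line_for_acct_port` belongs in a separate file referenced with `conf=` on the session line only, since the same file cannot serve both packet types on one port.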