legionus / kbd

Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/legion/kbd.git
https://kbd-project.org

RADIUS authentication for vlock #74

Closed jullrey closed 2 years ago

jullrey commented 2 years ago

I manage multiple STIG'd RHEL 8 systems. The default /etc/pam.d/vlock includes system-auth, where I have my 'auth sufficient pam_radius_auth.so debug' line that works to allow RADIUS authentication to work when I am on the console or ssh'ing to a server. I normally delete the local user's password and only allow RADIUS auth on my RHEL 7 system and want to do the same on RHEL 8. However, vlock will not unlock using RADIUS and will only unlock with a locally assigned password. I don't understand why the include system-auth in /etc/pam.d/vlock doesn't handle this. Is there something I can add to the /etc/pam.d/vlock file that will allow RADIUS authentication to unlock the screen? Thanks.

legionus commented 2 years ago

@jullrey It seems to me that this question should be put to the RHEL maintainers.

legionus commented 2 years ago

Have you tried asking them?

jullrey commented 2 years ago

OK, I opened a support ticket with Red Hat and this is what they said: "We also do not support pam_radius, as that is an EPEL package."

legionus commented 2 years ago

Perhaps pam_unix was enforced in RHEL8 or you are adding pam_radius incorrectly in RHEL8. I'm just guessing right now. Unfortunately, I can't help you since even the distribution developers don't support radius.