Re: RADIUS, shadow password mystery

Curt Sampson (curt@portal.ca)
Fri, 31 May 1996 10:11:15 -0700 (PDT)

Do you have a dbm version of the password database as well? BSD
systems use /etc/master.passwd as the master password file, and
from this the pwd_mkdb program generates /etc/spwd.db, /etc/passwd,
and /etc/pwd.db. Getpwent() and the like do their lookups from
the database, /etc/spwd.db.

cjs

Curt Sampson curt@portal.ca Info at http://www.portal.ca/
Internet Portal Services, Inc.
Vancouver, BC (604) 257-9400 De gustibus, aut bene aut nihil.

On Fri, 31 May 1996, Samuel Koods wrote:

> Date: Fri, 31 May 1996 11:57:31 -0500 (CDT)
> From: Samuel Koods <sam@ns.cnsnet.net>
> To: portmaster-radius@livingston.com
> Subject: RADIUS, shadow password mystery
>
> This one really makes me believe in gnomes and elves let alone daemons!
>
> IN BRIEF: Changing a user's password in /etc/shadow (using the passwd
> command or otherwise) has no effect on RADIUS authentication. It allows the
> user to log in only on the old passwd (which physically does not even exist
> in /etc/shadow!). Unless the user is deleted and then added with a new
> password, a password change has no effect.
>
> DETAILS:
> Logins to our Portmaster 2E are RADIUS authenticated on a Linux machine with
> shadow passwords. When a user's password is changed with the passwd command
> (that came with the shadow password suite) or even if the (encrypted) password
> is physically changed or even removed from /etc/shadow, RADIUS still
> authenticates only on the old password. BUT a normal telnet login (not via
> RADIUS) onto the machine authenticates on the newly changed password. All
> users are on /etc/passwd, /etc/shadow of this Linux machine (and neither in
> /etc/raddb/users nor on the PM2E). No DBM user database in use. No NIS.
> Removed other files in /etc that have names starting with "passwd" and
> "shadow" (such as passwd-, shadow-, passwd.OLD etc.)
>
> Any help, pointers would deeply be appreciated (before the gnomes get the
> better of me!)
>
> Thanks.
>
> --
> Samuel Koods
> Cimarron Network Services
>
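
The reply above describes a layout in which lookups read generated databases rather than the file that was edited. As an added example (not part of the original thread, and not code from either poster), this shell function flags generated files that are older than /etc/master.passwd. The function names, the mtime comparison as a staleness heuristic, and the demo files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report generated password databases that are older than
# the master file they are built from (the BSD layout named in the reply).
# Assumption: "older mtime than master.passwd" means pwd_mkdb has not been
# re-run since the last edit. This is a heuristic, not an integrity check.
#
# stale_pwdb [etc_dir]   etc_dir defaults to /etc
# returns 0 = all generated files are fresh
#         1 = at least one generated file is stale or missing
#         2 = no master.passwd in etc_dir (not this layout at all)
stale_pwdb() {
    etc=${1:-/etc}
    master=$etc/master.passwd
    if [ ! -f "$master" ]; then
        echo "no $master: not a master.passwd layout"
        return 2
    fi
    rc=0
    for f in spwd.db pwd.db passwd; do
        if [ ! -f "$etc/$f" ]; then
            echo "MISSING $etc/$f"
            rc=1
        elif [ "$master" -nt "$etc/$f" ]; then
            echo "STALE   $etc/$f (older than master.passwd)"
            rc=1
        fi
    done
    return $rc
}

# Constructed demo: empty placeholder files in a scratch directory, with the
# master file touched one hour after the databases were "generated".
demo_constructed() {
    d=$(mktemp -d) || return 3
    touch -t 199605310900 "$d/spwd.db" "$d/pwd.db" "$d/passwd"
    touch -t 199605311000 "$d/master.passwd"
    stale_pwdb "$d"
    status=$?
    rm -rf "$d"
    return $status
}

demo_constructed || echo "demo exit status: $?"
```

On a live system, call `stale_pwdb /etc`; exit status 2 means the host does not use the master.passwd layout, so the check does not apply to it.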