[...]
>
> >IN BRIEF: Changing a user's password in /etc/shadow (using the passwd
> >command or otherwise) has no effect on RADIUS authentication. It allows the
> >user to login only on the old passwd (which physically does not even exist
> >in /etc/shadow!). Unless the user is deleted and then added with a new
> >password, a password change has no effect.
> >
Sure enough, restarting radiusd after the password change made things
normal. But the following questions arise:
- Why such a "feature"?
- Is there a way to turn off this "feature"?
- Where does radiusd authenticate passwords from, if not from
/etc/passwd, /etc/shadow?
- Can radiusd be informed about the password change if it caches
username/password entries?
(BTW, I run n2h2-esva radius.)
My apologies if this issue had been discussed earlier on this list.
Thanks to all those who replied - George E. Frankle,Curt Sampson,Jon Hosford,
Miguel A.L. Paraz.
-- Samuel Koods Cimarron Network Services