You may want to authenticate users with radius at some point, perhaps your backend stores all your users there, perhaps you do not want to login to many boxes to change password for same user, I will describe here how to authenticate users with almost any service.
First setup some repository depending on if your running 64 bit or not:
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-7.noarch.rpm
Install it and configure it:
yum install pam_radius
alias pico='nano -w'
Setup your radius details here
#server[:port] shared_secret timeout (s)
127.0.0.1 your_radius_secret_password 3
Add radius authentication to SSH
#now for any users you want to authenticate, just toss following line as second line in any service
auth sufficient pam_radius_auth.so debug
Just open any file and edit it and its authenticating off radius
IMPORTANT NOTE: Do NOT think you can just add users to radius and login, you must actually create the user first! This is not LDAP, we are simply just providing another place to store passwords for users, nothing more, you can lockout the account on the system and still login with users radius passsword.
To add a user is simple as : adduser username
Delete a user just as simple : userdel -r username
Verify everything is ok:
ssh -l radius_user localhost
tail -100 /var/log/secure
You hopefully see something as follows:
pam_radius_auth: Got RADIUS response code 2
Exactly what we want, response code 2 from radius is Accept-Accept, so we typed in right password and should have been logged in.
Try some other services, pop open dovecot for instance:
pico /etc/pam.d/dovecot (add the same line)
telnet localhost 110
You can do this for all your services,
Until Next Time,