PAM_RADIUS(8)           FreeBSD System Manager's Manual          PAM_RADIUS(8)

NAME
     pam_radius - RADIUS authentication PAM module

SYNOPSIS
     [service-name] module-type control-flag pam_radius [options]

DESCRIPTION
     The pam_radius module provides authentication services based upon the
     RADIUS (Remote Authentication Dial In User Service) protocol for the PAM
     (Pluggable Authentication Module) framework.

     The pam_radius module accepts these optional parameters:

     use_first_pass
                 causes pam_radius to use a previously entered password
                 instead of prompting for a new one.  If no password has been
                 entered then authentication fails.

     try_first_pass
                 causes pam_radius to use a previously entered password, if
                 one is available.  If no password has been entered,
                 pam_radius prompts for one as usual.

     echo_pass   causes echoing to be left on if pam_radius prompts for a
                 password.

     conf=pathname
                 specifies a non-standard location for the RADIUS client
                 configuration file (normally located in /etc/radius.conf).

     nas_id=identifier
                 specifies a NAS identifier to send instead of the hostname.

     nas_ipaddr[=address]
                 specifies a NAS IP address to be sent.  If option is present,
                 but there is no value provided then IP address corresponding
                 to the current hostname will be used.

     template_user=username
                 specifies a user whose passwd(5) entry will be used as a
                 template to create the session environment if the supplied
                 username does not exist in local password database.  The user
                 will be authenticated with the supplied username and
                 password, but his credentials to the system will be presented
                 as the ones for username, i.e., his login class, home
                 directory, resource limits, etc. will be set to ones defined
                 for username.

                 If this option is omitted, and there is no username in the
                 system databases equal to the supplied one (as determined by
                 call to getpwnam(3)), the authentication will fail.

     no_reply_message
                 suppress printing of the contents of any Reply-Message
                 attributes found in Access-Accept and Access-Reject
                 responses.  These are normally conveyed to the user as either
                 informational or error messages, depending on whether the
                 access request was accepted or rejected.

     no_warn     suppress warning messages to the user.  These messages
                 include reasons why the user's authentication attempt was
                 declined.

FILES
     /etc/radius.conf  The standard RADIUS client configuration file for
                       pam_radius

SEE ALSO
     passwd(5), radius.conf(5), pam(8)

HISTORY
     The pam_radius module first appeared in FreeBSD 3.1.  The pam_radius
     manual page first appeared in FreeBSD 3.3.

AUTHORS
     The pam_radius manual page was written by Andrzej Bialecki
     <abial@FreeBSD.org>.

     The pam_radius module was written by John D. Polstra <jdp@FreeBSD.org>.

FreeBSD 13.1-RELEASE-p6          May 16, 2018          FreeBSD 13.1-RELEASE-p6