Date:      Tue, 5 Mar 2002 16:47:22 -0800 (PST)
From:      bob bobing <this_is_my_act@yahoo.com>
To:        Michael Smith <mksmith@noanet.net>, freebsd-questions@freebsd.org
Subject:   Re: pam_tacplus
Message-ID:  <20020306004722.33148.qmail@web12404.mail.yahoo.com>
In-Reply-To: <B8AAA163.47FD%mksmith@noanet.net>

Sure thing! Works great btw.

I changed /etc/pam.conf to look like this for auth.

sshd auth sufficient pam_tacplus.so try_first_pass
sshd auth required pam_unix.so

This seems to make auth only fall back on local passwd
if tacplus fails.

Also you need a /etc/tacplus.conf.
Didn't know there was a man page for this, but this is
the basic format.
-----
$server[:port] $secretkey $timeout
-----
$server can be hostname or ip, followed by an optional
:port to change the default port (didn't test this) 

$secretkey is the key line from your tacacs server. 

$timeout is a timeout in seconds while trying to
communicate with the remote tacacs server.

As per the man page it looks like you can have up to
10 servers in the file. Works great!!! Wish this was
in the handbook *wink wink*.

NOTE: seems like you can only use it for auth,
anything else and sshd kicks out errors.

Mar  5 17:50:03 yomamma sshd[6138]: unable to resolve symbol: pam_sm_acct_mgmt
Mar  5 17:50:03 yomamma sshd[6138]: unable to resolve symbol: pam_sm_open_session
Mar  5 17:50:03 yomamma sshd[6138]: unable to resolve symbol: pam_sm_close_session
Mar  5 17:57:25 yomamma sshd[6197]: unable to resolve symbol: pam_sm_acct_mgmt
Mar  5 17:57:25 yomamma sshd[6197]: unable to resolve symbol: pam_sm_chauthtok
Mar  5 17:57:50 yomamma sshd[6206]: unable to resolve symbol: pam_sm_chauthtok

--- Michael Smith <mksmith@noanet.net> wrote:
> Let's try that again...
> 
> The only reference I've found is:
> 
> http://ceti.pl/~kravietz/progs/pam_tacplus.html
> 
> But I couldn't get it to work using those params. If
> you are successful I
> would appreciate it if you would post a config.
> 
> Thanks,
> 


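A small checker for the /etc/tacplus.conf layout described in the message above, added here as an example; it is not part of the original post or of pam_tacplus. It assumes the three-field layout and the 10-server limit as the poster gives them, hostnames or IPv4 addresses only, and that blank lines are ignored; the function names and the owner-only permission check on the file holding the shared key are this example's own choices.

```python
import os
import stat
import tempfile

MAX_SERVERS = 10  # limit the post cites from the man page


def check_tacplus_conf(path):
    """Return a list of problems; the secret itself is never echoed."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other bit exposes the shared key
        problems.append(f"mode {mode:04o}: file accessible beyond its owner")
    servers = 0
    with open(path) as fh:
        for lineno, line in enumerate(fh, 1):
            fields = line.split()
            if not fields:  # assumption: blank lines are ignored
                continue
            servers += 1
            if len(fields) != 3:
                problems.append(f"line {lineno}: expected 3 fields, got {len(fields)}")
                continue
            server, _secret, timeout = fields
            host, sep, port = server.partition(":")
            if not host:
                problems.append(f"line {lineno}: empty server name")
            if sep and not (port.isdecimal() and 0 < int(port) < 65536):
                problems.append(f"line {lineno}: bad port {port!r}")
            if not (timeout.isdecimal() and int(timeout) > 0):
                problems.append(f"line {lineno}: bad timeout {timeout!r}")
    if servers > MAX_SERVERS:
        problems.append(f"{servers} servers listed, limit is {MAX_SERVERS}")
    return problems


def check_text(text, mode=0o600):
    """Write constructed sample text to a temp file with `mode` and check it."""
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(text)
        os.chmod(path, mode)
        return check_tacplus_conf(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    # Constructed sample: hostnames and key are placeholders.
    sample = "tac1.example.net:49 EXAMPLE-KEY 5\n192.0.2.10 EXAMPLE-KEY five\n"
    for p in check_text(sample, mode=0o644):
        print(p)
```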