Date: Tue, 5 Mar 2002 16:47:22 -0800 (PST)
From: bob bobing <this_is_my_act@yahoo.com>
To: Michael Smith <mksmith@noanet.net>, freebsd-questions@freebsd.org
Subject: Re: pam_tacplus
Message-ID: <20020306004722.33148.qmail@web12404.mail.yahoo.com>
In-Reply-To: <B8AAA163.47FD%mksmith@noanet.net>

Sure thing! Works great btw. I changed /etc/pam.conf to look like this for auth.

sshd auth sufficient pam_tacplus.so try_first_pass
sshd auth required pam_unix.so

This seems to make auth only fall back on local passwd if tacplus fails.

Also you need a /etc/tacplus.conf. Didn't know there was a man page for this, but this is the basic format.

-----
$server[:port] $secretkey $timeout
-----

$server can be hostname or ip, followed by an optional :port to change the default port (didn't test this).
$secretkey is the key line from your tacacs server.
$timeout is a timeout in seconds while trying to communicate with the remote tacacs server.

As per the man page it looks like you can have up to 10 servers in the file.

Works great!!! Wish this was in the handbook *wink wink*.

NOTE: seems like you can only use it for auth, anything else and sshd kicks out errors.

Mar 5 17:50:03 yomamma sshd[6138]: unable to resolve symbol: pam_sm_acct_mgmt
Mar 5 17:50:03 yomamma sshd[6138]: unable to resolve symbol: pam_sm_open_session
Mar 5 17:50:03 yomamma sshd[6138]: unable to resolve symbol: pam_sm_close_session
Mar 5 17:57:25 yomamma sshd[6197]: unable to resolve symbol: pam_sm_acct_mgmt
Mar 5 17:57:25 yomamma sshd[6197]: unable to resolve symbol: pam_sm_chauthtok
Mar 5 17:57:50 yomamma sshd[6206]: unable to resolve symbol: pam_sm_chauthtok

--- Michael Smith <mksmith@noanet.net> wrote:
> Let's try that again...
>
> The only reference I've found is:
>
> http://ceti.pl/~kravietz/progs/pam_tacplus.html
>
> But I couldn't get it to work using those params. If you are successful I
> would appreciate it if you would post a config.
>
> Thanks,
>
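
An added example, not part of the original message: a short Python check that maps the "unable to resolve symbol" log lines above to the PAM facility each entry point serves, then lists the pam.conf entries for that service in those facilities. The account and session lines in the sample pam.conf are constructed, and the code assumes the syslog program name equals the PAM service name.

```python
import re

# Standard PAM service-module entry points and the facility that invokes each.
SYMBOL_FACILITY = {
    "pam_sm_authenticate": "auth",
    "pam_sm_setcred": "auth",
    "pam_sm_acct_mgmt": "account",
    "pam_sm_open_session": "session",
    "pam_sm_close_session": "session",
    "pam_sm_chauthtok": "password",
}

LOG_RE = re.compile(r"(\w+)\[\d+\]: unable to resolve symbol: (pam_sm_\w+)")

def missing_facilities(log_text):
    """Map each logging program to the facilities whose entry point failed to resolve."""
    found = {}
    for prog, symbol in LOG_RE.findall(log_text):
        facility = SYMBOL_FACILITY.get(symbol)
        if facility:
            found.setdefault(prog, set()).add(facility)
    return found

def suspect_entries(pam_conf, log_text):
    """Return (service, facility, module) for pam.conf lines matching a logged failure."""
    missing = missing_facilities(log_text)  # assumption: program name == service name
    hits = []
    for line in pam_conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 4:
            continue  # blank, comment-only or malformed line
        service, facility, _control, module = fields[:4]
        if facility in missing.get(service, ()):
            hits.append((service, facility, module))
    return hits

# First two lines are from the message; the last two are constructed.
SAMPLE_PAM_CONF = """\
sshd auth sufficient pam_tacplus.so try_first_pass
sshd auth required pam_unix.so
sshd account required pam_tacplus.so
sshd session required pam_tacplus.so
"""
# Log lines copied from the message.
SAMPLE_LOG = """\
Mar 5 17:50:03 yomamma sshd[6138]: unable to resolve symbol: pam_sm_acct_mgmt
Mar 5 17:50:03 yomamma sshd[6138]: unable to resolve symbol: pam_sm_open_session
Mar 5 17:50:03 yomamma sshd[6138]: unable to resolve symbol: pam_sm_close_session
"""

if __name__ == "__main__":
    for entry in suspect_entries(SAMPLE_PAM_CONF, SAMPLE_LOG):
        print("check pam.conf entry:", *entry)
```

The log lines do not name the module, so every entry for the service in an affected facility is reported as a candidate.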