From owner-freebsd-questions Tue Mar 5 16:47:35 2002
Message-ID: <20020306004722.33148.qmail@web12404.mail.yahoo.com>
Date: Tue, 5 Mar 2002 16:47:22 -0800 (PST)
From: bob bobing
Subject: Re: pam_tacplus
To: Michael Smith, freebsd-questions@freebsd.org

Sure thing! Works great btw.

I changed /etc/pam.conf to look like this for auth.

sshd auth sufficient pam_tacplus.so try_first_pass
sshd auth required pam_unix.so

This seems to make auth only fall back on local passwd if tacplus fails.

Also you need a /etc/tacplus.conf
Didn't know there was a man page for this, but this is the basic format.

-----
$server[:port] $secretkey $timeout
-----

$server can be hostname or ip, followed by an optional :port to change the default port (didn't test this)
$secretkey is the key line from your tacacs server.
$timeout is a timeout in seconds while trying to communicate with the remote tacacs server.

As per the man page it looks like you can have up to 10 servers in the file.

Works great!!! Wish this was in the handbook *wink wink*.

NOTE: seems like you can only use it for auth, anything else and sshd kicks out errors.
Mar 5 17:50:03 yomamma sshd[6138]: unable to resolve symbol: pam_sm_acct_mgmt
Mar 5 17:50:03 yomamma sshd[6138]: unable to resolve symbol: pam_sm_open_session
Mar 5 17:50:03 yomamma sshd[6138]: unable to resolve symbol: pam_sm_close_session
Mar 5 17:57:25 yomamma sshd[6197]: unable to resolve symbol: pam_sm_acct_mgmt
Mar 5 17:57:25 yomamma sshd[6197]: unable to resolve symbol: pam_sm_chauthtok
Mar 5 17:57:50 yomamma sshd[6206]: unable to resolve symbol: pam_sm_chauthtok

--- Michael Smith wrote:
> Let's try that again...
>
> The only reference I've found is:
>
> http://ceti.pl/~kravietz/progs/pam_tacplus.html
>
> But I couldn't get it to work using those params. If you are successful I
> would appreciate it if you would post a config.
>
> Thanks,
>
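
Added example (not part of the original message and not pam_tacplus code): a small lint for the two files the post describes. It flags pam.conf lines that load pam_tacplus.so for a facility whose symbol sshd could not resolve in the log above, and checks each tacplus.conf line against the "$server[:port] $secretkey $timeout" format and the 10-server limit. The function names, the treatment of '#' lines in tacplus.conf as comments, and the sample hosts and key are assumptions made for illustration.

```python
MISSING_SYMBOLS = {  # facility -> symbols sshd failed to resolve in the post's log
    "account": ["pam_sm_acct_mgmt"],
    "session": ["pam_sm_open_session", "pam_sm_close_session"],
    "password": ["pam_sm_chauthtok"],
}
MAX_SERVERS = 10  # limit the post quotes from the man page

def lint_pam_conf(text, module="pam_tacplus.so"):
    """Return (lineno, message) for each use of `module` outside the auth facility."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # service facility control module [args]
        if len(fields) < 4 or fields[3].rsplit("/", 1)[-1] != module:
            continue
        facility = fields[1].lower()
        if facility in MISSING_SYMBOLS:
            syms = ", ".join(MISSING_SYMBOLS[facility])
            findings.append((n, f"{fields[0]} {facility}: module lacks {syms}"))
    return findings

def lint_tacplus_conf(text):
    """Check '$server[:port] $secretkey $timeout' lines; return (lineno, message) findings."""
    findings, servers = [], 0
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):  # assumption: '#' lines are comments
            continue
        servers += 1
        if servers > MAX_SERVERS:
            findings.append((n, f"more than {MAX_SERVERS} servers"))
        if len(fields) != 3:
            findings.append((n, "expected 3 fields: server[:port] secretkey timeout"))
            continue
        port = fields[0].partition(":")[2]  # text after the optional ':' (hostname or IPv4 only)
        if port and not (port.isdecimal() and 0 < int(port) < 65536):
            findings.append((n, f"bad port {port!r}"))
        if not (fields[2].isdecimal() and int(fields[2]) > 0):
            findings.append((n, f"bad timeout {fields[2]!r}"))
    return findings

# Constructed sample input (not from the post): lines 3 and 4 would log symbol errors.
SAMPLE_PAM = """sshd auth sufficient pam_tacplus.so try_first_pass
sshd auth required pam_unix.so
sshd account required pam_tacplus.so
sshd session required pam_tacplus.so
"""
SAMPLE_TACPLUS = "tac1.example.net:49 CONSTRUCTED-KEY 5\ntac2.example.net CONSTRUCTED-KEY five\n"
if __name__ == "__main__":
    print(lint_pam_conf(SAMPLE_PAM) + lint_tacplus_conf(SAMPLE_TACPLUS))
```

The two auth lines from the post produce no findings; only the account and session lines in the constructed sample do.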