Date: Wed, 06 Mar 2002 20:09:40 -0800
From: Michael Smith <mksmith@noanet.net>
To: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: pam_tacplus
Message-ID: <B8AC2804.4947%mksmith@noanet.net>
In-Reply-To: <20020306004722.33148.qmail@web12404.mail.yahoo.com>

Hi Bob:

Thanks a bunch for the config. You're right, it works like a champ. I was able to add the config lines for account, session and password without sshd puking, so I thought I would send you my config in return (although I'm sure you tried this). I'm running 4.5 Release and OpenSSH 2.9 if that helps.

Mike

On 3/5/02 4:47 PM, "bob bobing" <this_is_my_act@yahoo.com> espoused:

> Sure thing! works great btw.
>
> I changed /etc/pam.conf to look like this for auth.
>
> sshd auth sufficient pam_tacplus.so try_first_pass
> sshd auth required pam_unix.so
>
> This seems to make auth only fall back on local passwd
> if tacplus fails.
>
> Also you need a /etc/tacplus.conf
> Didn't know there was a man page for this, but this is
> the basic format.
> -----
> $server[:port] $secretkey $timeout
> -----
> $server can be hostname or ip, followed by an optional
> :port to change the default port (didn't test this)
>
> $secretkey is the key line from your tacacs server.
>
> $timeout is a timeout in seconds while trying to
> communicate with the remote tacacs server.
>
> as per the man page it looks like you can have up to
> 10 servers in the file. Works great!!! wish this was
> in the handbook *wink wink*.
>
> NOTE: seems like you can only use it for auth,
> anything else and sshd kicks out errors.
>
> Mar 5 17:50:03 yomamma sshd[6138]: unable to resolve symbol: pam_sm_acct_mgmt
> Mar 5 17:50:03 yomamma sshd[6138]: unable to resolve symbol: pam_sm_open_session
> Mar 5 17:50:03 yomamma sshd[6138]: unable to resolve symbol: pam_sm_close_session
> Mar 5 17:57:25 yomamma sshd[6197]: unable to resolve symbol: pam_sm_acct_mgmt
> Mar 5 17:57:25 yomamma sshd[6197]: unable to resolve symbol: pam_sm_chauthtok
> Mar 5 17:57:50 yomamma sshd[6206]: unable to resolve symbol: pam_sm_chauthtok
>
> --- Michael Smith <mksmith@noanet.net> wrote:
>> Let's try that again...
>>
>> The only reference I've found is:
>>
>> http://ceti.pl/~kravietz/progs/pam_tacplus.html
>>
>> But I couldn't get it to work using those params. If you are successful I
>> would appreciate it if you would post a config.
>>
>> Thanks,
>>

--
Michael K. Smith
Chief IP Engineer
mksmith@noanet.net
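
An added example, not part of either poster's message: a short Python check that maps the "unable to resolve symbol" lines quoted above to the PAM facility each standard entry point belongs to, then lists the /etc/pam.conf lines that load pam_tacplus.so for those facilities. The pam.conf text beyond the two auth lines is constructed, and treating the syslog program name as the PAM service name is an assumption.

```python
import re

# Standard PAM service-module entry points and the facility each belongs to.
SYMBOL_FACILITY = {
    "pam_sm_authenticate": "auth", "pam_sm_setcred": "auth",
    "pam_sm_acct_mgmt": "account",
    "pam_sm_open_session": "session", "pam_sm_close_session": "session",
    "pam_sm_chauthtok": "password",
}
LOG_RE = re.compile(r"(\w+)\[\d+\]: unable to resolve symbol: (pam_sm_\w+)")

# Subset of the log lines quoted in the thread, with mail line-wrapping undone.
SAMPLE_LOG = """\
Mar 5 17:50:03 yomamma sshd[6138]: unable to resolve symbol: pam_sm_acct_mgmt
Mar 5 17:50:03 yomamma sshd[6138]: unable to resolve symbol: pam_sm_open_session
Mar 5 17:50:03 yomamma sshd[6138]: unable to resolve symbol: pam_sm_close_session
Mar 5 17:57:25 yomamma sshd[6197]: unable to resolve symbol: pam_sm_chauthtok
"""
# Constructed /etc/pam.conf: the two auth lines from the thread plus
# hypothetical account/session/password lines for the same module.
SAMPLE_PAM_CONF = """\
sshd auth sufficient pam_tacplus.so try_first_pass
sshd auth required pam_unix.so
sshd account sufficient pam_tacplus.so
sshd session required pam_tacplus.so
sshd password sufficient pam_tacplus.so
"""

def unresolved_facilities(log_text):
    """Map each logging program to the PAM facilities it failed to resolve."""
    found = {}
    for prog, symbol in LOG_RE.findall(log_text):
        if symbol in SYMBOL_FACILITY:
            found.setdefault(prog, set()).add(SYMBOL_FACILITY[symbol])
    return found

def broken_entries(pam_conf_text, log_text, module="pam_tacplus.so"):
    """Return (service, facility, control) for pam.conf lines that load
    `module` for a facility the log reports as unresolved."""
    missing = unresolved_facilities(log_text)  # assumes program name == service
    hits = []
    for line in pam_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # service facility control module [opts]
        if len(fields) >= 4 and fields[3].endswith(module) \
                and fields[1] in missing.get(fields[0], ()):
            hits.append(tuple(fields[:3]))
    return hits

if __name__ == "__main__":
    for service, facility, control in broken_entries(SAMPLE_PAM_CONF, SAMPLE_LOG):
        print(f"{service}: '{facility} {control}' line needs an entry point the module lacks")
```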