Displaying 1 result from an estimated 1 matches for "enter_tacacs_password".
2010 Jun 30
1
PAM Module:Openssh and Tacacs+ Question
...called
INCORRECT to the TACACS+ server and it denies authentication.
I am trying not to have a local definition of the user in /etc/passwd.
I have the following lines in my /etc/pam.d/sshd
auth sufficient /lib/security/pam_tacplus.so debug server=x.x.x.x
secret=xxxxxx encrypt login=chap prompt=Enter_TACACS_Password: first_hit
auth required /lib/security/pam_unix_auth.so use_first_pass
I looked at the source code of openssh 5.5p1.
auth-pam.c has this:
badpw[] = "\b\n\r\177INCORRECT";
When the user is deleted from /etc/passwd SSH complains saying:
sshd: error: PAM: user not known to the underlying...