Displaying 4 results from an estimated 4 matches for "pam_tacplus".
2000 Feb 02
2
problems with openssh-1.2.2 and pam_tacplus.so
Hello,
I have the following problem: I have installed openssh-1.2.2 on FreeBSD
3.4-RELEASE. I intentionally did not took the FreeBSD port because it does
not support PAM. My aim is to make sshd authenticate against a TACACS+
server using the pam_tacplus.so module shipped with FreeBSD. That works
perfectly with this line in my /etc/pam.conf:
login auth sufficient pam_tacplus.so
Accordingly, I set up pam.conf like this to make sshd do the same:
sshd auth required pam_tacplus.so
But all I get then from sshd is this:
su-2.03# /usr/loc...
2007 May 19
5
[Bug 1215] sshd requires entry from getpwnam for PAM accounts
...-----------------------------------
CC| |embeddedlinuxguy at gmail.com
--- Comment #7 from Jesse Zbikowski <embeddedlinuxguy at gmail.com> 2007-05-19 11:21:19 ---
Darren, thanks for this patch. I am using it to authenticate TACACS+
users using pam_tacplus. However I can't get it to do authorization in
a sane way.
The user mapping is done immediately after authentication. This means
I can't use TACACS+ for authorization. For my experiment, I hacked
pam_tacplus to set the PAM username to "op", which is a valid Unix
user, followin...
2010 Jun 30
1
PAM Module:Openssh and Tacacs+ Question
...successfully.
If I REMOVE the user from /etc/passwd OpenSSH sends a string called
INCORRECT to the TACACS+ server and it denies authentication.
I am trying not to have a local definition of the user in /etc/passwd.
I have the following lines in my /etc/pam.d/sshd
auth sufficient /lib/security/pam_tacplus.so debug server=x.x.x.x
secret=xxxxxx encrypt login=chap prompt=Enter_TACACS_Password: first_hit
auth required /lib/security/pam_unix_auth.so use_first_pass
I looked at the source code of openssh 5.5p1.
auth-pam.c has this:
badpw[] = "\b\n\r\177INCORRECT";
When the user is deleted from...
2003 Sep 24
4
unified authentication
Howdy list,
Sorry if this is a frequently discussed topic,
or an off-topic question, but I couldn't find much
info about my question by performing quick searches
in the archives, and my question is pretty tightly
related to security...
Background:
===========
I have a number of FreeBSD machines. Most are 4.x,
but a few are 5.x (mainly the testing/devel machines).
I also have a single Red