search for: pam_tacplus

Hello, I have the following problem: I have installed openssh-1.2.2 on FreeBSD 3.4-RELEASE. I intentionally did not took the FreeBSD port because it does not support PAM. My aim is to make sshd authenticate against a TACACS+ server using the pam_tacplus.so module shipped with FreeBSD. That works perfectly with this line in my /etc/pam.conf: login auth sufficient pam_tacplus.so Accordingly, I set up pam.conf like this to make sshd do the same: sshd auth required pam_tacplus.so But all I get then from sshd is this: su-2.03# /usr/loc...

...----------------------------------- CC| |embeddedlinuxguy at gmail.com --- Comment #7 from Jesse Zbikowski <embeddedlinuxguy at gmail.com> 2007-05-19 11:21:19 --- Darren, thanks for this patch. I am using it to authenticate TACACS+ users using pam_tacplus. However I can't get it to do authorization in a sane way. The user mapping is done immediately after authentication. This means I can't use TACACS+ for authorization. For my experiment, I hacked pam_tacplus to set the PAM username to "op", which is a valid Unix user, followin...

...successfully. If I REMOVE the user from /etc/passwd OpenSSH sends a string called INCORRECT to the TACACS+ server and it denies authentication. I am trying not to have a local definition of the user in /etc/passwd. I have the following lines in my /etc/pam.d/sshd auth sufficient /lib/security/pam_tacplus.so debug server=x.x.x.x secret=xxxxxx encrypt login=chap prompt=Enter_TACACS_Password: first_hit auth required /lib/security/pam_unix_auth.so use_first_pass I looked at the source code of openssh 5.5p1. auth-pam.c has this: badpw[] = "\b\n\r\177INCORRECT"; When the user is deleted from...

Howdy list, Sorry if this is a frequently discussed topic, or an off-topic question, but I couldn't find much info about my question by performing quick searches in the archives, and my question is pretty tightly related to security... Background: =========== I have a number of FreeBSD machines. Most are 4.x, but a few are 5.x (mainly the testing/devel machines). I also have a single Red