search for: tacac

Displaying 15 results from an estimated 15 matches for "tacac".

Did you mean: tacc
2018 Jan 03
2
SSHD and PAM
Sudarshan Soma wrote: > Does sssd/NSS has a way to fetch user names from sources like > RADIUS/TACACS server? My impression is that while this might be theoretically possible, nobody does this. Especially it's not clear to me how you would push group membership to the system. And AFAICS in case of TACACS+ there's also only a single "role" available (translate this to single grou...
2018 Jan 03
3
SSHD and PAM
...o > m> > wrote: > > > Hi I am trying to write pam_radius module which talks to RADIUS > > server for > > aaa. > > > > I see sshd checks /etc/passwd for user list. Since RADIUS server > > has user > > list, can sshd ignore this check for RADIUS/TACACS+ authentication, > > Please > > suggest if there are any flags to control it. > > > > I am using the following versions. > > OpenSSH_6.6p1, OpenSSL 1.0.2n 7 Dec 2017 > > > > I see sssd (NAS) being used for such use cases, how does sshd > > ignore...
2007 Jan 13
3
Permission denied by op
i am invoking op from a python proggy which does an op.system() of op chmod 640 /usr/local/etc/tac_plus.conf i get "Permission denied by op" % ls -l /usr/local/etc/op.access -r-------- 1 root wheel 149 Jan 13 07:41 /usr/local/etc/op.access % cat /usr/local/etc/op.access # 2007.01.13 # #DEFAULT users=src # chown /usr/sbin/chown $* ; users=src chmod /bin/chmod $* ; users=src
2017 Jan 24
2
Need information to bypass the preauth in openssh
...g openssh for SSH connections. To open a new remote session via SSH, the openssh will look into the /etc/passwd file. If user present then it will allow to login using password or key authentication. But in my case all user info is present in remote database and authentication is form remote using tacacs+ server. Due to this I am facing error message as below 2017 Jan 13 10:45:51 : switch : sshd : Invalid user test from 10.12.16.16 2017 Jan 13 10:45:51 : switch : input_userauth_request: invalid user test [preauth] Please give some inputs on how to handle this scenario. Regards, Vishwanath KC...
2010 Jun 30
1
PAM Module:Openssh and Tacacs+ Question
Hi, I am trying to get Openssh 5.5p1 to work with TACACS+. I have the TACACS + PAM module compiled on Ubuntu. I have compiled SSH --with-pam. When the user is defined in /etc/passwd, the SSH authentication to the TACACS+ server takes place successfully. If I REMOVE the user from /etc/passwd OpenSSH sends a string called INCORRECT to the TACACS+ server...
1998 Jun 08
27
Services not required?
...I am down to only a handful but am not sure how much of a security risk they pose and was wondering if anyone here might be able to comment, or suggest secure versions to run: 21/FTP (WU-ftpd v2.4.2 BETA 14) 22/SSH (1.22) 23/TELNET (Netkit 0.09) 25/SMTP (Sendmail v8.8.7) 49/TACACS (TACACS_Plus v4.0.2 BETA/Cisco) 53/DNS (BIND v8.1.2) 80/HTTP (Apache v1.2.6 - upgrading to v1.3.0) 110/POP3 (Katie Steven''s v1.016) 111/RPC (Netkit 0.09) 113/IDENTD (????) 669/MOUNTD (RPC/Linux Userspace NFS server v2.2beta29) 2049/NFS (RPC/Linux Use...
2003 Sep 24
4
unified authentication
Howdy list, Sorry if this is a frequently discussed topic, or an off-topic question, but I couldn't find much info about my question by performing quick searches in the archives, and my question is pretty tightly related to security... Background: =========== I have a number of FreeBSD machines. Most are 4.x, but a few are 5.x (mainly the testing/devel machines). I also have a single Red
2003 Oct 20
1
looking for a job
...eshoot network connections/problems. Ethernet, FastEthernet, Frame Relay, HDLC, xDSL, LRE, HPNA, ISDN/PRI/R2/E1 (G.703), VPN/PPTP/GRE, PPP. A solid understanding and experience of TCP/IP, SNMP, SMTP/POP3/IMAP/UUCP, NNTP, HTTP/FTP, DNS, NFS, NTP, Telnet/SSH/RSH, TACACS/RADIUS, DHCP, IRC/Jabber, SSL. Knowledge of protocol internals. * Databases: PostgreSQL, MySQL, mSQL. * Software: * Routing: routed, gated, zebra. * WWW: apache, squid, jesred, HTML::Mason, mod_perl, mod_ssl, mod_rewrite, Apache::ASP, Parser3, PHP. * Develop...
2017 Jan 24
2
Need information to bypass the preauth in openssh
...24, 2017 at 11:16 AM, Darren Tucker <dtucker at zip.com.au> wrote: > On Tue, Jan 24, 2017 at 4:17 PM, Vishwanath KC <vicchi.cit at gmail.com> > wrote: > [...] > > But in my case all user info is present in remote database and > > authentication is form remote using tacacs+ server. > > What platform is this? You probably want a NSS module or the > equivalent for your platform so that getpwnam(3) knows about those > users (including things like uid/gid, home directory and shell). I'm > not sure TACACS can provide the required details, though. &gt...
2017 Jan 24
2
Need information to bypass the preauth in openssh
> On 24 Jan 2017, at 06:01, Darren Tucker <dtucker at zip.com.au> wrote: > > On Tue, Jan 24, 2017 at 4:54 PM, Vishwanath KC <vicchi.cit at gmail.com> wrote: > [...] >> Distributor ID: Debian >> Description: Debian GNU/Linux 8.2 (jessie) > > As you've seen, sshd requires that the system's getpwnam() function > knows the user, without which
2005 Nov 10
1
tacacs+ RPM.?
Hi All, is there an RPM for it for CentOS.? I tried "yum install tacacs+" but got nothing. I also checked dags repo and found nothing. Cheers. Mark Sargent.
2006 Aug 09
3
[Bug 1215] sshd requires entry from getpwnam for PAM accounts
http://bugzilla.mindrot.org/show_bug.cgi?id=1215 Summary: sshd requires entry from getpwnam for PAM accounts Product: Portable OpenSSH Version: 4.3p2 Platform: Other OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: PAM support AssignedTo: bitbucket at mindrot.org
2012 Oct 13
0
tacacs+ to radius bridge or proxy or something?
Is there any working solution to proxy tacacs+ to radius server? (it can be commercial too?) I found this old project: http://portal-to-web.de/tacacs/, but it is a bit antique? -- Eero
2004 Aug 13
1
help with LDAP and Samba
...l variations to no avail. I would REALLY appreciate it if someone who has a working samba/OpenLDAP enviroment could take a moment to assist me. As I stated I am not getting any errors in the error logs. OpenLDAP is a production server being used as the authentication system for our email and TACACS, so that is working. I added the samba schema when I set it up as I knew it would be only a matter of time before we went to samba. Note in the config below I have tried it with and without the filter along with and without group/user/computer suffix. OS: Fedora Core 2 Samba: 3.0.3-5 below...
2004 Aug 10
1
Your mail to Firewalls-Book-Info
...Lookup Services Chapter 21: Authentication and Auditing Services What Is Authentication? Passwords Authentication Mechanisms Modular Authentication for Unix Kerberos NTLM Domains Remote Authentication Dial-in User Service (RADIUS) TACACS and Friends Auth and identd Chapter 22: Administrative Services System Management Protocols Routing Protocols Protocols for Booting and Boot-Time Configuration ICMP and Network Diagnostics Network Time Protocol (NTP) File Synchronization...