search for: tacacs+

Hi, I am trying to get Openssh 5.5p1 to work with TACACS+. I have the TACACS + PAM module compiled on Ubuntu. I have compiled SSH --with-pam. When the user is defined in /etc/passwd, the SSH authentication to the TACACS+ server takes place successfully. If I REMOVE the user from /etc/passwd OpenSSH sends a string called INCORRECT to the TACACS+ server...

Hi All, is there an RPM for it for CentOS.? I tried "yum install tacacs+" but got nothing. I also checked dags repo and found nothing. Cheers. Mark Sargent.

...------------------------------------------------------- CC| |embeddedlinuxguy at gmail.com --- Comment #7 from Jesse Zbikowski <embeddedlinuxguy at gmail.com> 2007-05-19 11:21:19 --- Darren, thanks for this patch. I am using it to authenticate TACACS+ users using pam_tacplus. However I can't get it to do authorization in a sane way. The user mapping is done immediately after authentication. This means I can't use TACACS+ for authorization. For my experiment, I hacked pam_tacplus to set the PAM username to "op", which is a...

Sudarshan Soma wrote: > Does sssd/NSS has a way to fetch user names from sources like > RADIUS/TACACS server? My impression is that while this might be theoretically possible, nobody does this. Especially it's not clear to me how you would push group membership to the system. And AFAICS in case of TACACS+ there's also only a single "role" available (translate this to single group...

Is there any working solution to proxy tacacs+ to radius server? (it can be commercial too?) I found this old project: http://portal-to-web.de/tacacs/, but it is a bit antique? -- Eero

Any good source to tac_plus server for centos 6? thanks, -- Eero

...g openssh for SSH connections. To open a new remote session via SSH, the openssh will look into the /etc/passwd file. If user present then it will allow to login using password or key authentication. But in my case all user info is present in remote database and authentication is form remote using tacacs+ server. Due to this I am facing error message as below 2017 Jan 13 10:45:51 : switch : sshd : Invalid user test from 10.12.16.16 2017 Jan 13 10:45:51 : switch : input_userauth_request: invalid user test [preauth] Please give some inputs on how to handle this scenario. Regards, Vishwanath KC +...

Hi I am trying to write pam_radius module which talks to RADIUS server for aaa. I see sshd checks /etc/passwd for user list. Since RADIUS server has user list, can sshd ignore this check for RADIUS/TACACS+ authentication, Please suggest if there are any flags to control it. I am using the following versions. OpenSSH_6.6p1, OpenSSL 1.0.2n 7 Dec 2017 I see sssd (NAS) being used for such use cases, how does sshd ignore /etc/passwd in those cases. Please suggest Regards, Ivan.

...o > m> > wrote: > > > Hi I am trying to write pam_radius module which talks to RADIUS > > server for > > aaa. > > > > I see sshd checks /etc/passwd for user list. Since RADIUS server > > has user > > list, can sshd ignore this check for RADIUS/TACACS+ authentication, > > Please > > suggest if there are any flags to control it. > > > > I am using the following versions. > > OpenSSH_6.6p1, OpenSSL 1.0.2n 7 Dec 2017 > > > > I see sssd (NAS) being used for such use cases, how does sshd > > ignore &...

Hi We recenlty ugraded to openssh-3.7.1p2. Our architecture is ssh daemon uses pam module which sends request to remote radius/tacacs+ servers based on configuration. Now if I create the user in /etc/passwd, then ssh daemon calls pam and everthing works fine. But if the user is not present in /etc/passwd, then ssh daemon is not calling pam. The debug log is given below. All these were working in prior versions. Any idea w...

Hello, I have the following problem: I have installed openssh-1.2.2 on FreeBSD 3.4-RELEASE. I intentionally did not took the FreeBSD port because it does not support PAM. My aim is to make sshd authenticate against a TACACS+ server using the pam_tacplus.so module shipped with FreeBSD. That works perfectly with this line in my /etc/pam.conf: login auth sufficient pam_tacplus.so Accordingly, I set up pam.conf like this to make sshd do the same: sshd auth required pam_tacplus.so But all I get then from ss...

...24, 2017 at 11:16 AM, Darren Tucker <dtucker at zip.com.au> wrote: > On Tue, Jan 24, 2017 at 4:17 PM, Vishwanath KC <vicchi.cit at gmail.com> > wrote: > [...] > > But in my case all user info is present in remote database and > > authentication is form remote using tacacs+ server. > > What platform is this? You probably want a NSS module or the > equivalent for your platform so that getpwnam(3) knows about those > users (including things like uid/gid, home directory and shell). I'm > not sure TACACS can provide the required details, though. >...