2010 Jun 30
PAM Module:Openssh and Tacacs+ Question
...cessfully.
If I REMOVE the user from /etc/passwd OpenSSH sends a string called
INCORRECT to the TACACS+ server and it denies authentication.
I am trying not to have a local definition of the user in /etc/passwd.
I have the following lines in my /etc/pam.d/sshd
auth sufficient /lib/security/pam_tacplus.so debug server=x.x.x.x secret=xxxxxx encrypt login=chap prompt=Enter_TACACS_Password: first_hit
auth required /lib/security/pam_unix_auth.so use_first_pass
I looked at the source code of openssh 5.5p1.
auth-pam.c has this:
badpw[] = "\b\n\r\177INCORRECT";
When the user is deleted from...