[tac_plus] Enable authentication using local passwd file not working
Andy Ziegelbein
Andy_Ziegelbein at hawkerbeechcraft.com
Wed Mar 12 22:22:39 UTC 2008
To Whom It May Concern:
I have successfully configured our TACACS+ daemon with a handful of
users and a group but am having a bit of difficulty getting the enable
authentication to work the way I'd like. The user configuration
contains nothing more than a group member reference and the group
configuration reads as follows:
group = admins {
    default service = permit
    login = file /etc/passwd
    enable = des tl9ayrG/iJDwM
    service = exec {
        default attribute = permit
        priv-lvl = 15
    }
}
We are running the TACACS+ daemon on Solaris 9 and are authenticating
against the local UNIX database (note: I had to reference /etc/passwd
instead of /etc/shadow for this to work). The TACACS+ process runs as
root. As you can see, we are currently using a shared group enable
password. I would like to change this to have users authenticate
against the local UNIX database just as they do for login
authentication. However, when I configure 'enable = file /etc/passwd',
I get the following error message:
Wed Mar 12 16:59:17 2008 [14725]: Error 199.46.201.38: Error cannot identify password type file /etc/passwd for username
Wed Mar 12 16:59:17 2008 [14725]: enable query for 'username' tty2 from 199.46.201.38 rejected
Is this something that should work, and if so, can you offer any
guidance as to what I'm doing wrong?
________________________________
Andy Ziegelbein
Computer Sciences Corporation
Managed Network Services
w: (316) 676-7539
m: (512) 694-0345