[tac_plus] Re: PAM authentication

john heasley heas at shrubbery.net
Fri Jan 23 09:51:16 UTC 2009


Thu, Jan 22, 2009 at 01:44:05PM -0500, Adam Allred:
> Hello,
> 
> I am attempting to get tac_plus to use my pam stack for user authentication.
> As it stands, my pam stack already authenticates my users successfully for
> ssh login (I'm on a RHEL5 box). I have confirmed that the configure script
> did locate the pam devlopment libraries, but w/ debugging on, I don't see
> tac_plus trying to talk to the pam stack:
> 
> [root at server tacacs]# /usr/local/bin/tac_plus -C
> /usr/local/etc/tac_plus.conf -d 8 -d 16 -d 32 -d 64 -g
> Reading config
> Version F4.0.4.15 Initialized 1
> tac_plus server F4.0.4.15 starting
> uid=0 euid=0 gid=0 egid=0 s=4
> session.peerip is <ip address>
> connect from <ip address>
> tac_passwd_lookup: open /usr/local/etc/tacacs_passwd 6
> tac_passwd_lookup: close /usr/local/etc/tacacs_passwd 6
> login query for '<user>' tty1 from <ip address> rejected
> login failure: <user> <ip address> tty1
> 
> I kinda feel like I'm missing a step to make this work...and I couldn't find
> any documetnation beyond the FAQ posting. Any ideas?

as implemented, the user must still be list in the config, and maybe in
a group, and pam as their auth source.


More information about the tac_plus mailing list