[tac_plus] Re: PAM support via PAP??
Jason Jeremias
jasonj at uui-alaska.com
Wed Sep 23 00:26:46 UTC 2009
When I run it I get.
root at ns02:/usr/local/src/tac_plus_v9a# /usr/local/bin/tac_plus -C
/etc/tacacs/tac_plus.cfg -d 16
Error: expecting 'cleartext', or 'des' keyword after 'pap =' on line 50
So to check that I have pam I did a:
root at ns02:/usr/local/src/tac_plus_v9a# /usr/local/bin/tac_plus -v
tac_plus version F4.0.4.19
ACLS
FIONBIO
LIBWRAP
LINUX
LITTLE_ENDIAN
LOG_DAEMON
PAM
NO_PWAGE
REAPCHILD
RETSIGTYPE RETSIGTYPE
SHADOW_PASSWORDS
SIGTSTP
SIGTTIN
SIGTTOU
SO_REUSEADDR
STRERROR
TAC_PLUS_PORT
UENABLE
__STDC__
This told me that I do indeed have PAM compiled in.
Here's my config file.
root at ns02:/usr/local/src/tac_plus_v9a# cat /etc/tacacs/tac_plus.cfg
key = testing12345
# Now tacacs+ also use default PAM authentication
#default authentication = pap PAM
# Accounting records log file
accounting file = /var/log/tac_acc.log
user = DEFAULT {
#service = ppp protocol = lcp { idletime = 15 }
#service = ppp protocol = ip {}
#pap = PAM
#maxsess = 2
member = DEFAULT
}
group = DEFAULT {
service = ppp protocol = ip {}
pap = PAM
#maxsess = 2
}
root at ns02:/usr/local/src/tac_plus_v9a#
john heasley wrote:
> Tue, Sep 22, 2009 at 03:26:34PM -0800, Jason Jeremias:
>
>> I downloaded the latest tac_plus software but I can't seem to get pap =
>> PAM to work is this possible? I need to authenticate ppp uses against pam.
>>
>
> did you make any effort to use daemon debugging options to debug the
> problem that you'd like to mention?
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20090922/c220b3d1/attachment.html
More information about the tac_plus
mailing list