[tac_plus] Re: PAM support via PAP??
john heasley
heas at shrubbery.net
Wed Sep 23 15:04:38 UTC 2009
Tue, Sep 22, 2009 at 04:28:31PM -0800, Jason Jeremias:
> Oh also I removed all the comments from the config file that's why it's
> referencing line 50. It looks to me like it just doesn't like the pap
> = PAM, if I switch to login = PAM it works fine.
Bad memory; pap auth currently only supports cleartext. Glancing at the
code, there is no reason it couldn't be added, just has to be coded.
> -J
>
> Jason Jeremias wrote:
>> When I run it I get.
>> root@ns02:/usr/local/src/tac_plus_v9a# /usr/local/bin/tac_plus -C
>> /etc/tacacs/tac_plus.cfg -d 16
>> Error: expecting 'cleartext', or 'des' keyword after 'pap =' on line 50
>>
>> So to check that I have pam I did a:
>> root@ns02:/usr/local/src/tac_plus_v9a# /usr/local/bin/tac_plus -v
>> tac_plus version F4.0.4.19
>> ACLS
>> FIONBIO
>> LIBWRAP
>> LINUX
>> LITTLE_ENDIAN
>> LOG_DAEMON
>> PAM
>> NO_PWAGE
>> REAPCHILD
>> RETSIGTYPE RETSIGTYPE
>> SHADOW_PASSWORDS
>> SIGTSTP
>> SIGTTIN
>> SIGTTOU
>> SO_REUSEADDR
>> STRERROR
>> TAC_PLUS_PORT
>> UENABLE
>> __STDC__
>>
>> This told me that I do indeed have PAM compiled in.
>>
>>
>> Here's my config file.
>> root@ns02:/usr/local/src/tac_plus_v9a# cat /etc/tacacs/tac_plus.cfg
>>
>> key = testing12345
>>
>> # Now tacacs+ also use default PAM authentication
>> #default authentication = pap PAM
>>
>> # Accounting records log file
>>
>> accounting file = /var/log/tac_acc.log
>>
>> user = DEFAULT {
>> #service = ppp protocol = lcp { idletime = 15 }
>> #service = ppp protocol = ip {}
>> #pap = PAM
>> #maxsess = 2
>> member = DEFAULT
>> }
>>
>> group = DEFAULT {
>> service = ppp protocol = ip {}
>> pap = PAM
>> #maxsess = 2
>> }
>>
>>
>> root@ns02:/usr/local/src/tac_plus_v9a#
>>
>>
>>
>> john heasley wrote:
>>> Tue, Sep 22, 2009 at 03:26:34PM -0800, Jason Jeremias:
>>>
>>>> I downloaded the latest tac_plus software but I can't seem to get
>>>> pap = PAM to work. Is this possible? I need to authenticate ppp
>>>> users against pam.
>>>>
>>>
>>> Did you make any effort to use daemon debugging options to debug the
>>> problem that you'd like to mention?
>>>
>>
>