[tac_plus] Re: PAM support via PAP??

Paul Vdovets pvdovets at gmail.com
Wed Sep 23 15:28:02 UTC 2009


It also does support pap = des, so if you have to use pap you can at least
crypt the config's hardcoded password.

On Wed, Sep 23, 2009 at 11:04 AM, john heasley <heas at shrubbery.net> wrote:

> Tue, Sep 22, 2009 at 04:28:31PM -0800, Jason Jeremias:
> > Oh also I removed all the comments from the config file, that's why it's
> > referencing line 50. It looks to me like it just doesn't like the pap
> > = PAM; if I switch to login = PAM it works fine.
>
> Bad memory; pap auth currently only supports cleartext.  Glancing at the
> code, there is no reason it couldn't be added, it just has to be coded.
>
> > -J
> >
> > Jason Jeremias wrote:
> >> When I run it I get.
> >> root at ns02:/usr/local/src/tac_plus_v9a# /usr/local/bin/tac_plus -C
> >> /etc/tacacs/tac_plus.cfg -d 16
> >> Error: expecting 'cleartext', or 'des' keyword after 'pap =' on line 50
> >>
> >> So to check that I have pam I did a:
> >> root at ns02:/usr/local/src/tac_plus_v9a# /usr/local/bin/tac_plus -v
> >> tac_plus version F4.0.4.19
> >> ACLS
> >> FIONBIO
> >> LIBWRAP
> >> LINUX
> >> LITTLE_ENDIAN
> >> LOG_DAEMON
> >> PAM
> >> NO_PWAGE
> >> REAPCHILD
> >> RETSIGTYPE RETSIGTYPE
> >> SHADOW_PASSWORDS
> >> SIGTSTP
> >> SIGTTIN
> >> SIGTTOU
> >> SO_REUSEADDR
> >> STRERROR
> >> TAC_PLUS_PORT
> >> UENABLE
> >> __STDC__
> >>
> >> This told me that I do indeed have PAM compiled in.
> >>
> >>
> >> Here's my config file.
> >> root at ns02:/usr/local/src/tac_plus_v9a# cat /etc/tacacs/tac_plus.cfg
> >>
> >> key = testing12345
> >>
> >> # Now tacacs+ also use default PAM authentication
> >> #default authentication = pap PAM
> >>
> >> # Accounting records log file
> >>
> >> accounting file = /var/log/tac_acc.log
> >>
> >> user = DEFAULT {
> >>     #service = ppp protocol = lcp { idletime = 15 }
> >>     #service = ppp protocol = ip {}
> >>     #pap = PAM
> >>     #maxsess = 2
> >>     member = DEFAULT
> >> }
> >>
> >> group = DEFAULT {
> >>     service = ppp protocol = ip {}
> >>     pap = PAM
> >>     #maxsess = 2
> >> }
> >>
> >>
> >> root at ns02:/usr/local/src/tac_plus_v9a#
> >>
> >>
> >>
> >> john heasley wrote:
> >>> Tue, Sep 22, 2009 at 03:26:34PM -0800, Jason Jeremias:
> >>>
> >>>> I downloaded the latest tac_plus software but I can't seem to get
> >>>> pap = PAM to work. Is this possible?  I need to authenticate ppp
> >>>> users against pam.
> >>>>
> >>>
> >>> did you make any effort to use daemon debugging options to debug the
> >>> problem that you'd like to mention?
> >>>
> >>
> >



-- 
Paul Vdovets
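
The rule discussed in this thread (tac_plus F4.0.4.19 accepts only 'cleartext' or 'des' after 'pap =') written as a pre-deployment config check. This is an added example, not part of the original messages or of tac_plus; the function name lint_tac_plus, the users alice and bob, and all sample values are constructed for illustration.

```python
import re

# Keywords the parser error quoted in this thread lists as valid after "pap =".
PAP_ACCEPTED = {"cleartext", "des"}

# Matches "pap = <keyword>" at the start of a (comment-stripped) line.
PAP_LINE = re.compile(r"^\s*pap\s*=\s*(\S+)", re.IGNORECASE)

# Constructed sample modelled on the config in the thread (not a real deployment).
SAMPLE = """\
user = DEFAULT {
    #pap = PAM
    member = DEFAULT
}
group = DEFAULT {
    service = ppp protocol = ip {}
    pap = PAM
}
user = alice {
    pap = cleartext "constructed-password"
}
user = bob {
    pap = des CONSTRUCTED_CRYPT_HASH
    login = PAM
}
"""

def lint_tac_plus(config_text):
    """Return (line_number, severity, message) findings for pap directives."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.split("#", 1)[0]          # '#' starts a comment
        match = PAP_LINE.match(line)
        if not match:
            continue
        keyword = match.group(1)
        if keyword.lower() not in PAP_ACCEPTED:
            # The daemon refuses to start on this line (see the error above).
            findings.append((lineno, "error",
                             f"pap = {keyword}: expecting 'cleartext' or 'des'"))
        elif keyword.lower() == "cleartext":
            # Anyone who can read the file can read the password.
            findings.append((lineno, "warn",
                             "PAP password stored in cleartext; consider pap = des"))
    return findings

if __name__ == "__main__":
    for lineno, severity, message in lint_tac_plus(SAMPLE):
        print(f"line {lineno}: {severity}: {message}")
```
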