[tac_plus] linux pam and ldap - or just linux pam

heasley heas at shrubbery.net
Thu Aug 8 19:30:32 UTC 2013


Mon, Aug 05, 2013 at 03:54:05PM -0400, Asif Iqbal:
> This is how we set up our tac_plus with libpam_ldap on Ubuntu
> 
> # sudo apt-get install build-essential libpam0g-dev gcc flex bison libwrap0-dev libpam-ldap
> # (compile tac_plus and it should find pam libraries)
> 
> # cat /etc/pam.d/tac_plus
> auth   sufficient        pam_ldap.so
> 
> # cat /etc/tacacs.conf
> ....
> user = foo {
>         login = PAM
>         member = bar
> }
> ...
> 
> # cat /etc/ldap.conf
> base ou=People,dc=example,dc=com
> uri  ldaps://192.168.1.10:1636 ldaps://192.168.1.11:1636
> ldap_version 3
> binddn uid=mybinduid,ou=people,dc=example,dc=com
> bindpw secret
> pam_password crypt
> nss_initgroups_ignoreusers
> Gaxfrdns,Gdnscache,Gdnslog,Gtinydns,avahi,avahi-autoipd,backup,bin,colord,daemon,games,gnats,hobbit,hplip,irc,kernoops,landscape,libuuid,lightdm,list,lp,mail,man,messagebus,news,ntp,proxy,pulse,root,rtkit,saned,sshd,sync,sys,syslog,usbmux,uucp,whoopsie,www-data

those last two lines were wrapped, i presume.

Thanks

> # cat /etc/ldap/ldap.conf
> TLS_CACERT /etc/ssl/certs/company.cer
> TLS_REQCERT never
> 
> 
> Hopefully I did not miss anything.
> 
> 
> 
> On Sun, Aug 4, 2013 at 12:28 PM, heasley <heas at shrubbery.net> wrote:
> 
> > If you're a user of tac_plus on linux with pam, I'd like to see your pam
> > configuration to add to documentation to help others.  I do not use linux
> > or ldap, but others request configuration help often.  TIA.
> >
> 
> 
> 
> 
> 
> 
> 
> -- 
> Asif Iqbal
> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
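
An added example, not part of the original thread or of tac_plus: a shell audit of the two LDAP client files quoted above. It flags `TLS_REQCERT never` (which leaves the `ldaps://` server certificate unchecked even though `TLS_CACERT` is set; `TLS_REQCERT demand` enforces it) and a `bindpw` kept in a world-readable file. The function names and the use of the exit status as a finding count are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: audit the two LDAP client files the post
# shows. Paths are arguments, e.g.
#   audit_ldap_client /etc/ldap/ldap.conf /etc/ldap.conf

# Print the lower-cased value of KEYWORD in FILE (last occurrence if repeated).
# Keywords match case-insensitively; commented-out lines never match.
conf_value() {  # usage: conf_value KEYWORD FILE
    awk -v k="$1" 'tolower($1) == tolower(k) { v = tolower($2) } END { print v }' "$2"
}

# Print one line per finding; the exit status is the number of findings
# (99 if an input file cannot be read).
audit_ldap_client() {  # usage: audit_ldap_client LIBLDAP_CONF PAM_LDAP_CONF
    libldap_conf=$1; pam_conf=$2; findings=0
    for f in "$libldap_conf" "$pam_conf"; do
        [ -r "$f" ] || { echo "$f: unreadable, nothing audited"; return 99; }
    done

    # libldap: 'never' skips the check, 'allow' carries on after a failed one.
    reqcert=$(conf_value TLS_REQCERT "$libldap_conf")
    case $reqcert in
        never|allow)
            echo "$libldap_conf: TLS_REQCERT $reqcert does not reject an unverified server certificate"
            findings=$((findings + 1)) ;;
    esac

    # pam_ldap: an explicit 'no' turns the peer check off for PAM binds.
    if [ "$(conf_value tls_checkpeer "$pam_conf")" = "no" ]; then
        echo "$pam_conf: tls_checkpeer no disables server certificate verification"
        findings=$((findings + 1))
    fi

    # Bind password stored in a file whose mode lets other local users read it.
    if [ -n "$(conf_value bindpw "$pam_conf")" ] &&
       [ -n "$(find "$pam_conf" -perm -004 2>/dev/null)" ]; then
        echo "$pam_conf: bindpw is set and the file is world-readable"
        findings=$((findings + 1))
    fi

    return "$findings"
}
```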

