Nexus does things a bit different. I wrote some on <a href="http://tacacs.org">tacacs.org</a>. You can use authorization OR the new roles - your choice. <br><br><div class="gmail_quote">On Wed, Jul 25, 2012 at 11:32 PM, Alan McKinnon <span dir="ltr"><<a href="mailto:alan.mckinnon@gmail.com" target="_blank">alan.mckinnon@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>On Wed, 25 Jul 2012 14:25:33 +0000<br>
Joe Moore <<a href="mailto:joe.moore@holidaycompanies.com" target="_blank">joe.moore@holidaycompanies.com</a>> wrote:<br>
<br>
> I have been running tac_plus 4.0.4.19 with the auth-fail-lock patch<br>
> as required by our security assessor.<br>
><br>
> I recently added some Nexus 5500 series switches to the network so<br>
> now I have to deal with PAP authentication requests. Keeping plain<br>
> text passwords in the tac_plus.conf file is not an option. I'm<br>
> thinking about using the PAP/PAM patch for that.<br>
><br>
> Can I apply both patches to the source code or do I have to choose<br>
> one or the other?<br>
<br>
</div>The PAP passwords do not have to be plain-text, you can put the hashes in tac_plus.conf just like for regular login and enable.<br>
<br>
Simply copy the "login" line and do an s/login/pap/<br>
<br>
We have a substantial Nexus infrastructure here and that works just fine for us. No other authn changes were required. [As for authz - now that's a whole different story, that one took some work]<br>
<span><font color="#888888"><br>
<br>
--<br>
Alan McKinnon<br>
<a href="mailto:alan.mckinnon@gmail.com" target="_blank">alan.mckinnon@gmail.com</a><br>
</font></span><div><div><br>
_______________________________________________<br>
tac_plus mailing list<br>
<a href="mailto:tac_plus@shrubbery.net" target="_blank">tac_plus@shrubbery.net</a><br>
<a href="http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus" target="_blank">http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus</a><br>
</div></div></blockquote></div><br>
<pre>E-Mail to and from me, in connection with the transaction
of public business, is subject to the Wyoming Public Records
Act and may be disclosed to third parties.