[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PAM and TACACS+



> Is there a PAM plugin for the TACACS+ authentication?

I don't think so but a friend of mine wrote a simple routine
that does tacacs authentication. If I can find on my archives
his e-mail you could use it as a base for hacking (perhaps
with the aid of pam_auth_radius or some other module)

> It'd be really useful on our campus for our linux mail server and news
> server.  Right now, for auth on the mail server, we're running a horrible
> perl hack that manually hacks passwords from tacacs+ into /etc/passwd and
> I'd like to see us move away from that, especially for sendmail and
> pop3/imap authentication. Thanks!

there is another way, you can install a radius server and the
tacp2radd conversion utility from

http://www.cistron.nl/~miquels/radius/portslave.html

(it will sit around listening tacacs connections, translating them
to radius and sending back the responses from the radius server
in tacacs format)

with it, you can use the pam_auth_radius or pam_lradius modules

> -Woodstock

!3runo



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []