Pam-list Digest, Vol 38, Issue 6

Andreas Schindler schindler at az1.de
Sat Apr 14 17:08:26 UTC 2007


pam-list-request at redhat.com wrote:
>
> Subject: Tacacs +PAM
> From: "Roberto Dud" <roberto.dud at gmail.com>
> Date: Thu, 12 Apr 2007 16:56:22 -0300
> To: pam-list at redhat.com
>
> Hi Mrs,
>
> I have a Tacacs server to centralize authentication in my routers,
> switches, cmts ... And I think I will use this infrastructure to
> centralize my authentication on my Linux Servers.
>
> I found on my searches on Google a PAM module to tacacs.
>
> Anyone know about or use this module?
>
> Thanks,
>
> Dud.
>
Dud,

I suppose you're talking of the tacacs+ client package published by some
Polish guy (don't remember the name right now). The pam_tacacs module
works quite fine. Some quirks when using tacacs 'accounting' (not to be
confused with PAM accounting, which is the equivalent to tacacs
'authorize'). There is a drawback in that the module supports only one
tacacs server. The workaround I took was to stack the module twice, each
one with a different tacacs server. Don't forget to switch on
encryption. My configuration was:

    auth        sufficient   pam_tacplus.so encrypt secret=FarAway server=10.13.0.22
    auth        sufficient   pam_tacplus.so encrypt secret=FarAway server=10.14.1.69

BTW the above package includes 'tacc', a small line-mode tacacs client.
A fine tool when debugging the tacacs environment.

Andreas

-- 
Dr.-Ing. Andreas Schindler
 
Alpha Zero One Computersysteme GmbH
Frankfurter Str. 141
63303 Dreieich
 
Telefon 06103-57187-21
Telefax 06103-373245
 
schindler at az1.de
www.az1.de
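
Added example, not part of the original message and not code from the pam_tacplus package: a small audit of a PAM service file for the points raised in the reply (the `encrypt` option, the shared secret, and a second stacked server as fallback). The option names are the ones shown in the configuration above; the sample text is constructed and the third server address is an assumption for illustration.

```python
import re

# Constructed sample: the two stacked lines from the post (one written with a
# backslash continuation) plus a third, deliberately weak line (assumed address).
SAMPLE = """\
# constructed PAM service file
auth  sufficient  pam_tacplus.so encrypt secret=FarAway server=10.13.0.22
auth  sufficient  pam_tacplus.so encrypt secret=FarAway \\
                  server=10.14.1.69
auth  sufficient  pam_tacplus.so server=10.15.0.1   # weak: no encrypt/secret
auth  required    pam_unix.so
"""

# type, control (plain word or [bracketed]), module path, remaining arguments
RULE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def tacplus_rules(text):
    """Yield the option dict of every pam_tacplus rule in a PAM file."""
    text = text.replace("\\\n", " ")            # join continued lines
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments and blanks
        m = RULE.match(line)
        if not m or not m.group(3).endswith("pam_tacplus.so"):
            continue
        opts = {}
        for arg in m.group(4).split():
            key, _, value = arg.partition("=")  # bare flags get value ""
            opts[key] = value
        yield opts

def audit(text):
    """Return (servers, findings) for the pam_tacplus rules in text."""
    servers, findings = [], []
    for opts in tacplus_rules(text):
        server = opts.get("server", "<none>")
        servers.append(server)
        if "encrypt" not in opts:
            findings.append(f"{server}: 'encrypt' not set")
        if not opts.get("secret"):
            findings.append(f"{server}: no shared secret configured")
    if len(servers) == 1:
        findings.append("only one server stacked: no fallback")
    return servers, findings

if __name__ == "__main__":
    servers, findings = audit(SAMPLE)
    print("servers:", ", ".join(servers))
    for finding in findings:
        print("WARN", finding)
```

Because `secret=` sits in clear text in the PAM file, the file's read permissions are worth checking alongside these findings.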
