Pam-list Digest, Vol 38, Issue 6
Nick Owen
nowen at wikidsystems.com
Mon Apr 16 21:42:31 UTC 2007
> Mon Apr 16 17:31:11 2007 [26137]: db_get_host: getting hkey from nas(IP)
> Mon Apr 16 17:31:11 2007 [26137]: Error verify: failed - could not
> authenticate for user 'root' on NAS 'IP'
> Mon Apr 16 17:31:11 2007 [26137]: default_fn: pap-login query for 'root'
> ssh from IP rejected
Looks like your server is expecting a pap login, which, IIRC, is
unencrypted. I suggest trying to remove chap on the client (removing
the "secret=MySecret encrypt" ") or enabling Chap on the server.
Obviously, the latter is better. I haven't played with the tacacs in a
while, though and I could be way off base.
HTH,
Nick
--
Nick Owen
WiKID Systems, Inc.
404.962.8983
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
https://www.linkedin.com/in/nickowen
More information about the Pam-list
mailing list