Pam-list Digest, Vol 56, Issue 1
Nick Owen
nowen at wikidsystems.com
Fri Oct 3 18:29:24 UTC 2008
Andreas Schindler wrote:
> Dan,
>
> I've been quite deeply involved in the Tacacs+ development about a year ago.
> My work aimed to replace Cisco's tacacs server (which is still claimed 'alpha')
> with a completely rewritten daemon under GPL license. Unfortunately the work
> was suspended due to changes in my daily duties.
>
> To your problem with pam_tacplus: I'm still using this module successfully under
> Debian 'Lenny', so I suspect the Red-Hat pam environment to cause the problems.
> I suggest you try and exclude bugs in the tacplus library by using the 'tacc' utility
> to launch a test:
>
> tacc -T -u username -p password -k secret -s server
>
> On success, you pinned the problem to the pam environment, but the above message
>
> 'tac_author_read: inconsistent author reply body, incorrect key?'
>
> suggests a tacacs configuration error, especially an incorrect key (secret), which is
> CaSe-sensitive!
Thanks for the guidance. I was trying to do too much via tacacs. This
config worked:
    auth       include      tacacs
    account    required     pam_nologin.so
    account    include      system-auth
    password   include      system-auth
    session    optional     pam_keyinit.so force revoke
    session    include      system-auth
Nick
--
Nick Owen
WiKID Systems, Inc.
404-962-8983 (desk)
http://www.wikidsystems.com
Two-factor authentication, without the hassle factor.