[tac_plus] linux pam and ldap - or just linux pam
Asif Iqbal
vadud3 at gmail.com
Mon Aug 5 19:54:05 UTC 2013
This is how we set up our tac_plus with libpam_ldap on Ubuntu:
# sudo apt-get install build-essential libpam0g-dev gcc flex bison libwrap0-dev libpam-ldap
# (compile tac_plus and it should find pam libraries)
# cat /etc/pam.d/tac_plus
auth sufficient pam_ldap.so
# cat /etc/tacacs.conf
....
user = foo {
login = PAM
member = bar
}
...
# cat /etc/ldap.conf
base ou=People,dc=example,dc=com
uri ldaps://192.168.1.10:1636 ldaps://192.168.1.11:1636
ldap_version 3
binddn uid=mybinduid,ou=people,dc=example,dc=com
bindpw secret
pam_password crypt
nss_initgroups_ignoreusers Gaxfrdns,Gdnscache,Gdnslog,Gtinydns,avahi,avahi-autoipd,backup,bin,colord,daemon,games,gnats,hobbit,hplip,irc,kernoops,landscape,libuuid,lightdm,list,lp,mail,man,messagebus,news,ntp,proxy,pulse,root,rtkit,saned,sshd,sync,sys,syslog,usbmux,uucp,whoopsie,www-data
# cat /etc/ldap/ldap.conf
TLS_CACERT /etc/ssl/certs/company.cer
TLS_REQCERT never
Hopefully I did not miss anything.
On Sun, Aug 4, 2013 at 12:28 PM, heasley <heas at shrubbery.net> wrote:
> If you're a user of tac_plus on linux with pam, I'd like to see your pam
> configuration to add to documentation to help others. I do not use linux
> or ldap, but others request configuration help often. TIA.
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
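
The two LDAP client files in the message above decide whether the ldaps:// connection actually authenticates the directory server and who can read the bind password. The script below is an added example, not part of the original message or of tac_plus; the function names and the output format are assumptions made here.

```shell
#!/bin/sh
# Added example, not from the original message. Pass the two client files
# as arguments, e.g.: sh audit.sh /etc/ldap.conf /etc/ldap/ldap.conf

# Print the last value given for a keyword (keywords are case-insensitive).
conf_value() {  # conf_value FILE KEYWORD
    awk -v k="$2" 'tolower($1) == tolower(k) { v = $2 } END { print v }' "$1"
}

audit_ldap_client() {  # audit_ldap_client PAM_LDAP_CONF OPENLDAP_CONF
    pam_conf=$1; tls_conf=$2; findings=0

    # never/allow: the server certificate is not enforced, so the CA file
    # named by TLS_CACERT does nothing to authenticate the LDAP server.
    reqcert=$(conf_value "$tls_conf" TLS_REQCERT | tr '[:upper:]' '[:lower:]')
    case $reqcert in
        never|allow)
            echo "WEAK $tls_conf: TLS_REQCERT $reqcert, expected demand"
            findings=$((findings + 1)) ;;
    esac

    # ldap:// without "ssl start_tls" carries a simple-bind password unencrypted.
    if [ "$(conf_value "$pam_conf" ssl)" != start_tls ] &&
       awk 'tolower($1) == "uri" { for (i = 2; i <= NF; i++)
                if ($i ~ /^ldap:\/\//) found = 1 }
            END { exit !found }' "$pam_conf"; then
        echo "WEAK $pam_conf: ldap:// URI without ssl start_tls"
        findings=$((findings + 1))
    fi

    # bindpw is a stored cleartext credential; flag group/other read access.
    if [ -n "$(conf_value "$pam_conf" bindpw)" ] &&
       [ -n "$(find "$pam_conf" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "WEAK $pam_conf: bindpw in a group/world-readable file"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]   # exit status 0 only when nothing was flagged
}

if [ "$#" -eq 2 ]; then audit_ldap_client "$1" "$2"; fi
```

Run against the files as posted, it reports the TLS_REQCERT never line, and the bindpw line if /etc/ldap.conf is readable by group or others.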