<div>Hi there...<br></div><div><br></div><div>The fisrt of all, sorry if this is not the apropiate method to ask you a question... If not, let me know.</div><div><br></div><div>We are using tacacs+ on a linux server who provides authentication for many cisco routers with users defined in tacacs's linux operating system. Till now, validation was against /etc/passwd file. The problem we have is that when user's password expires in linux operating system, the same user can continue logging into the routers without any error. </div>
<div><br></div><div>I've trying to avoid this using:</div><div><br></div><div>/etc/shadow (but I get always "password has expired" even with active passwordas account)</div><div>PAM we dont get any error and I can go telnet to our routers with our expired passwd.</div>
<div><br></div><div>Ive tried several tacacs versions and compiled several times with diferent options... </div><div><br></div><div>Do you know how can I deny access to our routers to users with password expired? </div><div>
<br></div><div>Thanks a lot.</div><div><br></div><div><br></div><div><br></div><div><br></div>