[tac_plus] Re: tac_plus with PAM on FreeBSD
john heasley
heas at shrubbery.net
Mon Mar 10 21:21:35 UTC 2008
Mon, Mar 10, 2008 at 04:01:46PM -0500, Joe Moore:
> I've been ports of running tac_plus4 in production for a few years on
> FreeBSD 4.x, 5.x, 6.x and now 7.0. Somewhere during a 6.x "build world"
> update, authenticating to "file /etc/passwd" stopped working. I didn't
> have time to troubleshoot so I went with DES passwords which are now too
> cumbersome to use with our newer, stricter corporate password policies.
>
>
>
> I had no luck fixing the "files /etc/passwd" authentication so I tried
is your /etc/passwd using md5 pwds?
> And this /etc/pam.d/tac_plus :
>
> # auth
> auth sufficient pam_tacplus.so
>
> # account
> account sufficient pam_tacplus.so
>
> # session
> session sufficient pam_tacplus.so
I'm not a PAM wizard, but I don't think that you want pam_tacplux.so. That
resembles a loop. You want something like
password required pam_unix.so no_warn try_first_pass
ie: tacplusd->pam->unix_pwd_file. IIRC, when I tested PAM support, I just
copied ssh's config.
More information about the tac_plus
mailing list