[tac_plus] Re: Misc Items

Todd Bertolozzi tbertolozzi at msufcu.org
Wed Apr 29 21:02:21 UTC 2009


This actually seems to be something related to SSH or something dumb I'm
missing. When using telnet I receive the Username prompt as expected and
I can modify the tac_plus.conf file to change that prompt around to my
choice.

When using SSH I get a "login as:" prompt which doesn't seem to be too
much of an issue. I have noticed though that if I log in with a null
username it drops out into "@hostname password:" which I prefer it not
do obviously. I also seem to have some issues with retry timeouts. I
can't seem to limit them in the conf file or on the NAS. Here's a sample
of what I was working with. Things have probably been changed around a
bit since last I looked at it.

aaa authentication login default group tacacs+ local enable
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated 
aaa authorization commands 0 default group tacacs+ if-authenticated 
aaa authorization commands 1 default group tacacs+ if-authenticated 
aaa authorization commands 15 default group tacacs+ if-authenticated 
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+

Thanks,

Todd



-----Original Message-----
From: Sunmeet Saluja [mailto:Sunmeet.Saluja at air2web.com] 
Sent: Wednesday, April 29, 2009 3:27 PM
To: Todd Bertolozzi; tac_plus at shrubbery.net
Subject: RE: [tac_plus] Re: Misc Items

Can you please post the aaa configs from the NAS that you are working
with.

Thanks,

Sunmeet Saluja

-----Original Message-----
From: tac_plus-bounces at shrubbery.net
[mailto:tac_plus-bounces at shrubbery.net] On Behalf Of Todd Bertolozzi
Sent: Thursday, April 23, 2009 8:42 AM
To: tac_plus at shrubbery.net
Subject: [tac_plus] Re: Misc Items

Can anyone point me in the right direction as far as why the daemon
isn't providing a Username: prompt? I assume it is supposed to?

Thanks,

Todd

-----Original Message-----
From: tac_plus-bounces at shrubbery.net
[mailto:tac_plus-bounces at shrubbery.net] On Behalf Of Todd Bertolozzi
Sent: Tuesday, April 21, 2009 2:49 PM
To: tac_plus at shrubbery.net
Subject: [tac_plus] Misc Items

Hello people,

I've been searching around for answers to a few questions but haven't
had much luck.  Thanks in advance to anyone who can either answer or
point me in the right direction.

- I'm used to seeing the Username prompt when using tacacs.
  However, I don't get that prompt. Is that available with tac_plus and if
  so can I set the username prompt in the conf file so that I know it's
  actually hitting the tac_plus server?

- Are there other login options that can be set in the conf
  file such as max number of failed connection attempts? I don't really
  see anything in the man page. Currently there appears to be no limit.
  Some of the device commands, like certain aaa commands, don't appear to
  have an effect (i.e. aaa authentication attempts login 3).  The only
  thing I really see in the man pages is a password 'expires' option.

- What about a login timeout? I am able to set 'ip ssh time-out
  x', which actually works, but if I set the above aaa command or an 'ip ssh
  authentication-retries 3' it has no effect.

Thanks,

Todd



-------------------------------------------------------
This electronic transmission and any information that it contains is the
property of MSU Federal Credit Union and is intended for the use of the
intended recipient. If you are not the intended recipient, any
disclosure, copying or other use of this information is strictly
prohibited. If you acquired this transmission in error or feel that any
of the information contained within it is offensive or inappropriate,
please contact internalaudit at msufcu.org.
_______________________________________________
tac_plus mailing list
tac_plus at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus

