[tac_plus] Re: PAM support via PAP??

Jason Jeremias jasonj at uui-alaska.com
Wed Sep 23 00:28:31 UTC 2009 

Oh also I removed all the comments from the config file that's why its 
referencing line 50.   It looks to me like it just doesn't like the pap 
= PAM, if I switch to login = PAM it works fine.

-J

Jason Jeremias wrote:
> When I run it I get.
> root at ns02:/usr/local/src/tac_plus_v9a# /usr/local/bin/tac_plus -C 
> /etc/tacacs/tac_plus.cfg -d 16
> Error: expecting 'cleartext', or 'des' keyword after 'pap =' on line 50
>
> So to check that I have pam I did a:
> root at ns02:/usr/local/src/tac_plus_v9a# /usr/local/bin/tac_plus -v
> tac_plus version F4.0.4.19
> ACLS
> FIONBIO
> LIBWRAP
> LINUX
> LITTLE_ENDIAN
> LOG_DAEMON
> PAM
> NO_PWAGE
> REAPCHILD
> RETSIGTYPE RETSIGTYPE
> SHADOW_PASSWORDS
> SIGTSTP
> SIGTTIN
> SIGTTOU
> SO_REUSEADDR
> STRERROR
> TAC_PLUS_PORT
> UENABLE
> __STDC__
>
> This told me that I do indeed have PAM compiled in.
>
>
> Here's my config file.
> root at ns02:/usr/local/src/tac_plus_v9a# cat /etc/tacacs/tac_plus.cfg
>
> key = testing12345
>
> # Now tacacs+ also use default PAM authentication
> #default authentication = pap PAM
>
> # Accounting records log file
>
> accounting file = /var/log/tac_acc.log
>
> user = DEFAULT {
>     #service = ppp protocol = lcp { idletime = 15 }
>     #service = ppp protocol = ip {}
>     #pap = PAM
>     #maxsess = 2
>     member = DEFAULT
> }
>
> group = DEFAULT {
>     service = ppp protocol = ip {}
>     pap = PAM
>     #maxsess = 2
> }
>
>
> root at ns02:/usr/local/src/tac_plus_v9a#
>
>
>
> john heasley wrote:
>> Tue, Sep 22, 2009 at 03:26:34PM -0800, Jason Jeremias:
>>   
>>> I downloaded the latest tac_plus software but I can't seem to get pap = 
>>> PAM to work is this possible?  I need to authenticate ppp uses against pam.
>>>     
>>
>> did you make any effort to use daemon debugging options to debug the
>> problem that you'd like to mention?
>>   
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20090922/f6288443/attachment.html

More information about the tac_plus mailing list