[tac_plus] Adding users to tacacs passwd file

john heasley heas at shrubbery.net
Wed Aug 18 16:27:39 UTC 2010


Wed, Aug 18, 2010 at 08:34:06AM -0500, Jeffrey S. Geist:
> We don't see any information in the /var/log/tacacs.log file. We assume that
> no information will happen in this file until we authenticate with tacacs.

non-accounting logging prefers syslog.  also see the -d option.

> We do have tacacs running on another CentOS server but we are not using the
> passwd/shadow files. We are using a passwd file that has username and
> encrypted passwd in the same file (auth-passwd). We are able to authenticate
> to this server. This custom passwd file was created by a Solaris script on a
> Solaris server. We are trying to get away from Solaris.

afaik, linux/centos is a shadow password machine.  anytime you use the
file name /etc/passwd, tacacs uses getspnam() to retrieve the DES so
that locking & /etc/shadow handling is supplied.  if you really want
to use your password crypts in /etc/passwd, symlink /etc/tac_plus.pwd
to /etc/passwd.
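
An added example, not part of the original post or of tac_plus: a small Python audit that reports which entries of a passwd(5)-style file carry their crypt inline and which hold only a shadow placeholder, the distinction the reply above turns on. The colon-separated layout with the password in the second field, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Traditional DES crypt(3): 2 salt chars + 11 hash chars from [./0-9A-Za-z].
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
# Modular crypt format: $id$... (e.g. $1$ MD5, $6$ SHA-512).
MCF_RE = re.compile(r"^\$[0-9a-z]+\$.+")


def classify_field(pw):
    """Classify the second field of a passwd(5)-style line."""
    if pw == "":
        return "empty"          # no password set at all
    if pw == "x":
        return "shadowed"       # real crypt lives in /etc/shadow
    if pw[0] in "*!":
        return "locked"
    if DES_RE.match(pw):
        return "des"
    if MCF_RE.match(pw):
        return "modular"
    return "unknown"


def audit(text):
    """Return {username: classification} for passwd(5)-style text."""
    result = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        result[fields[0]] = classify_field(fields[1]) if len(fields) > 1 else "malformed"
    return result


def usable_without_shadow(text):
    """Users whose crypt is in the file itself (no shadow lookup needed)."""
    return sorted(u for u, kind in audit(text).items() if kind in ("des", "modular"))


# Constructed sample data, not from any real system.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
alice:abJnggxhB/yJE:1001:1001::/home/alice:/bin/sh
bob:$1$saltsalt$0123456789abcdefghijk.:1002:1002::/home/bob:/bin/sh
carol:*:1003:1003::/home/carol:/bin/sh
dave::1004:1004::/home/dave:/bin/sh
"""
```

Entries reported as `shadowed` have no usable crypt in the file itself; entries reported as `empty` deserve attention before the file is used for authentication.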

