[tac_plus] Adding users to tacacs passwd file
Jeffrey S. Geist
jeffrey.geist at pnpt.com
Wed Aug 18 17:52:56 UTC 2010
We created the symbolic link:
lrwxrwxrwx 1 root root 11 Aug 18 12:32 tac_plus.pwd -> /etc/passwd
and edited the tac_plus.cfg with "default authentication = file /etc/tac_plus.pwd".
However, this did not correct the issue.
-----Original Message-----
From: john heasley [mailto:heas at shrubbery.net]
Sent: Wednesday, August 18, 2010 11:28 AM
To: Jeffrey S. Geist
Cc: dterry at dollartree.com; Jarrod Ronhovde; tac_plus at shrubbery.net; 'Mark Urbach'
Subject: Re: [tac_plus] Adding users to tacacs passwd file
Wed, Aug 18, 2010 at 08:34:06AM -0500, Jeffrey S. Geist:
> We don't see any information in the /var/log/tacacs.log file. We assume that
> no information will happen in this file until we authenticate with tacacs.
non-accounting logging prefers syslog. also see the -d option.
> We do have tacacs running on another CentOS server but we are not using the
> passwd/shadow files. We are using a passwd file that has username and
> encrypted passwd in the same file (auth-passwd). We are able to authenticate
> to this server. This custom passwd file was created by a Solaris script on a
> Solaris server. We are trying to get away from Solaris.
afaik, linux/centos is a shadow password machine. anytime you use the
file name /etc/passwd, tacacs uses getspnam() to retrieve the DES so
that locking & /etc/shadow handling is supplied. if you really want
to use your password crypts in /etc/passwd, symlink /etc/tac_plus.pwd
to /etc/passwd.
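A check related to the password-file approach discussed in this thread, added here as an example and not code from either poster or from tac_plus: it classifies the password field of each passwd(5)-format entry, so you can see whether a file actually carries crypt strings or only shadow placeholders such as `x`. The sample lines and function names are constructed for illustration.

```python
import re

# Constructed sample in passwd(5) format (not taken from the thread).
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
netops:$6$saltsalt$abcdefghijklmnopqrstuv:1001:1001::/home/netops:/bin/bash
legacy:abJnggxhB/yWI:1002:1002::/home/legacy:/bin/sh
locked:!!:1003:1003::/home/locked:/sbin/nologin
svc:*:1004:1004::/:/sbin/nologin
empty::1005:1005::/home/empty:/bin/sh
# comment
broken-line-without-fields
"""

DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")  # traditional crypt(3) DES string
MCF_RE = re.compile(r"^\$[0-9a-z]+\$.+")     # modular crypt format: $id$salt$hash

def classify(field):
    """Describe what the second passwd(5) field contains."""
    if field == "":
        return "empty"                # no password set at all
    if field == "x":
        return "shadow-placeholder"   # real crypt lives in /etc/shadow
    if field[0] in "!*":
        return "locked"               # cannot match any password
    if MCF_RE.match(field):
        return "modular-crypt"
    if DES_RE.match(field):
        return "des-crypt"
    return "unrecognized"

def audit(text):
    """Map each user name (or 'line N' for bad lines) to a classification."""
    report = {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:
            report[f"line {n}"] = "malformed"
            continue
        report[parts[0]] = classify(parts[1])
    return report

def usable_users(text):
    """Users whose entry holds a crypt string a file-based check could compare."""
    ok = ("modular-crypt", "des-crypt")
    return sorted(u for u, kind in audit(text).items() if kind in ok)
```

To audit a real file, pass its contents to `audit()`, for example `audit(open("/etc/tac_plus.pwd").read())`.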