[tac_plus] Tac_plus passwd expiration

Francisco Fernandez kurgancito at gmail.com
Mon Feb 21 14:52:07 UTC 2011


Hi there...

First of all, sorry if this is not the appropriate method to ask you a
question... If not, let me know.

We are using tacacs+ on a Linux server which provides authentication for many
Cisco routers, with users defined in the tacacs server's Linux operating system. Till
now, validation was against the /etc/passwd file. The problem we have is that
when a user's password expires in the Linux operating system, the same user can
continue logging into the routers without any error.

I've been trying to avoid this using:

/etc/shadow (but I always get "password has expired" even with active
password accounts)
PAM (we don't get any error and I can telnet to our routers with our
expired passwd).

I've tried several tacacs versions and compiled several times with different
options...

Do you know how I can deny access to our routers to users with expired
passwords?

Thanks a lot.