[tac_plus] PAM and PAP
Jon Nathan
jnathan at salesforce.com
Fri Jun 17 16:07:34 UTC 2011
We're using this patch to do PAP via PAM and it's working nicely for us.
http://www.shrubbery.net/pipermail/tac_plus/2011-May/000882.html
-Jon
On 6/17/11 2:35 AM, "Morty" <morty+tac_plus at frakir.org> wrote:
> I'm running tacacs+-F4.0.4.19 under Solaris.
>
> I've got users with LOGIN=PAM. This works fine for IOS and the Perl
> Authen::TacacsPlus module. It does not appear to work for some other
> devices. With debug enabled, the logs show:
>
> Mon Jun 13 21:41:07 2011 [17455]: session.peerip is $IP
> Mon Jun 13 21:41:07 2011 [29501]: connect from $hostname [$IP]
> Mon Jun 13 21:41:07 2011 [29501]: pap-login query for '$user' 0 from $hostname
> rejected
> Mon Jun 13 21:41:07 2011 [29501]: login failure: $user $hostname ($IP) 0
>
> Google finds a patch for this, but it comes with big caveats:
>
> http://peterton.org/?p=17
>
> Is there a solution for this?
>
> Thanks.
>
> - Morty
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus
More information about the tac_plus
mailing list