[tac_plus] password expiration with PAM?
Morty
morty+tac_plus at frakir.org
Thu May 26 05:11:34 UTC 2011
I'm testing tacacs+-F4.0.4.19 under Solaris.
I've got users with LOGIN=PAM. I set the password to be expired
(i.e. I faked out the age in /etc/shadow to be 1000 days, with a max
age of 60 days). Other subsystems using PAM, i.e. openssh and
radiusd, do not allow the user to login; openssh provides a useful
prompt, while radiusd just fails to allow the login for devices that
utilize radiusd. But when the user logs in to a device using the
tac_plus server, the login succeeds.
This seems like a bug.
- Morty
More information about the tac_plus
mailing list