[tac_plus] Problems getting tac_plus work with PAM auth on NetBSD
Fredrik Pettai
pettai at nordu.net
Thu Nov 24 14:53:02 UTC 2011
Hi,
I can't get PAM authentication going on NetBSD 5. It always rejects the PAM requests.
Ordinary auth from the tac_plus.conf works fine, and the PAM conf works fine with, for example, ssh...
I don't see any compilation errors for tacacs-shrubbery either. (compiled from pkgsrc-wip)
Host:
NetBSD guineapig 5.1_RC3 NetBSD 5.1_RC3 (GENERIC) #1: Sun Jul 4 01:38:35 CEST 2010 root at guineapig:/usr/obj/sys/arch/amd64/compile/GENERIC amd64
---
tac_plus conf:
user = tug1 {
    login = PAM
    name = "Training account 1"
    member = staff
    expires = "Dec 17 2011"
}
---
Pam conf:
# $NetBSD: system,v 1.8 2008/03/26 11:31:17 lukem Exp $
#
# System-wide defaults
#
# auth
auth required pam_nologin.so no_warn
auth required pam_unix.so no_warn try_first_pass nullok
# account
account required pam_login_access.so
account required pam_unix.so
# session
session required pam_permit.so
#session required pam_lastlog.so no_fail no_nested
# password
password required pam_unix.so no_warn try_first_pass
---
The log (tac_plus running with -d4088):
Nov 24 09:35:15 guineapig tac_plus[22386]: Reading config
Nov 24 09:35:15 guineapig tac_plus[22386]: Version F4.0.4.19 Initialized 1
Nov 24 09:38:52 guineapig tac_plus[1351]: session.peerip is 193.10.255.73
Nov 24 09:38:52 guineapig tac_plus[7542]: connect from 193.10.255.73 [193.10.255.73]
Nov 24 09:38:52 guineapig tac_plus[7542]: Error 193.10.255.73 unknown-port: PAM_PROMPT_ECHO_OFF
Nov 24 09:38:52 guineapig tac_plus[7542]: login query for 'tug1' unknown-port from 193.10.255.73 rejected
Nov 24 09:38:52 guineapig tac_plus[7542]: login failure: tug1 193.10.255.73 (193.10.255.73) unknown-port
Any ideas what might be wrong?
Does the tac_plus server have insufficient credentials running as a non-root user to perform pam lookups?
Regards,
/P