[tac_plus] Problems getting tac_plus work with PAM auth on NetBSD

[john heasley]

Thu, Nov 24, 2011 at 04:11:25PM +0100, Fredrik Pettai:
> Pam conf:

is this file /etc/pam.d/tac_plus?

> The log, (tac_plus running with -d4088)
> 
> Nov 24 09:35:15 guineapig tac_plus[22386]: Reading config
> Nov 24 09:35:15 guineapig tac_plus[22386]: Version F4.0.4.19 Initialized 1
> 
> Nov 24 09:38:52 guineapig tac_plus[1351]: session.peerip is 193.10.255.xx
> Nov 24 09:38:52 guineapig tac_plus[7542]: connect from 193.10.255.xx [193.10.255.xx]
> Nov 24 09:38:52 guineapig tac_plus[7542]: Error 193.10.255.xx unknown-port: PAM_PROMPT_ECHO_OFF
> Nov 24 09:38:52 guineapig tac_plus[7542]: login query for 'tug1' unknown-port from 193.10.255.xx rejected
> Nov 24 09:38:52 guineapig tac_plus[7542]: login failure: tug1 193.10.255.xx (193.10.255.xx) unknown-port
> 
> Any Ideas what might be wrong?

try tac_plus' authentication debug option and see the individual pam module's
man pages for options for debugging info.

> Does the tac_plus server have insufficient credentials running as a non-root user to perform pam lookups?

i'm not sure that it does; it would need to be able to read /etc/master.passwd.