[tac_plus] Problems getting tac_plus work with PAM auth on NetBSD

Thu Nov 24 22:39:25 UTC 2011

On Nov 24, 2011, at 18:14 , john heasley wrote:

> Thu, Nov 24, 2011 at 04:11:25PM +0100, Fredrik Pettai:
>> Pam conf:
> 
> is this file /etc/pam.d/tac_plus?

Yup

>> The log, (tac_plus running with -d4088)
>> 
>> Nov 24 09:35:15 guineapig tac_plus[22386]: Reading config
>> Nov 24 09:35:15 guineapig tac_plus[22386]: Version F4.0.4.19 Initialized 1
>> 
>> Nov 24 09:38:52 guineapig tac_plus[1351]: session.peerip is 193.10.255.xx
>> Nov 24 09:38:52 guineapig tac_plus[7542]: connect from 193.10.255.xx [193.10.255.xx]
>> Nov 24 09:38:52 guineapig tac_plus[7542]: Error 193.10.255.xx unknown-port: PAM_PROMPT_ECHO_OFF
>> Nov 24 09:38:52 guineapig tac_plus[7542]: login query for 'tug1' unknown-port from 193.10.255.xx rejected
>> Nov 24 09:38:52 guineapig tac_plus[7542]: login failure: tug1 193.10.255.xx (193.10.255.xx) unknown-port
>> 
>> Any Ideas what might be wrong?
> 
> try tac_plus' authentication debug option and see the individual pam module's
> man pages for options for debugging info.

Ok, that gave me a lot of output which I can't parse...

>> Does the tac_plus server have insufficient credentials running as a non-root user to perform pam lookups?
> 
> i'm not sure that it does; it would need to be able to read /etc/master.passwd.

I'll try running it as root, to see if that works better...

Re,
/P