[tac_plus] multiple patches?
Alan McKinnon
alan.mckinnon at gmail.com
Thu Jul 26 05:32:21 UTC 2012
On Wed, 25 Jul 2012 14:25:33 +0000
Joe Moore <joe.moore at holidaycompanies.com> wrote:
> I have been running tac_plus 4.0.4.19 with the auth-fail-lock patch
> as required by our security assessor.
>
> I recently added some Nexus 5500 series switches to the network so
> now I have to deal with PAP authentication requests. Keeping plain
> text passwords in the tac_plus.conf file is not an option. I'm
> thinking about using the PAP/PAM patch for that.
>
> Can I apply both patches to the source code or do I have to choose
> one or the other?
The PAP passwords do not have to be plain-text, you can put the hashes in tac_plus.conf just like for regular login and enable.
Simply copy the "login" line and do an s/login/pap/
We have a substantial Nexus infrastructure here and that works just fine for us. No other authn changes were required. [As for authz - now that's a whole different story, that one took some work]
--
Alan McKinnon
alan.mckinnon at gmail.com
More information about the tac_plus
mailing list