[tac_plus] multiple patches?
Daniel Schmidt
daniel.schmidt at wyo.gov
Fri Jul 27 04:23:48 UTC 2012
Nexus does things a bit different. I wrote some on tacacs.org. You can
use authorization OR the new roles - your choice.
On Wed, Jul 25, 2012 at 11:32 PM, Alan McKinnon <alan.mckinnon at gmail.com>wrote:
> On Wed, 25 Jul 2012 14:25:33 +0000
> Joe Moore <joe.moore at holidaycompanies.com> wrote:
>
> > I have been running tac_plus 4.0.4.19 with the auth-fail-lock patch
> > as required by our security assessor.
> >
> > I recently added some Nexus 5500 series switches to the network so
> > now I have to deal with PAP authentication requests. Keeping plain
> > text passwords in the tac_plus.conf file is not an option. I'm
> > thinking about using the PAP/PAM patch for that.
> >
> > Can I apply both patches to the source code or do I have to choose
> > one or the other?
>
> The PAP passwords do not have to be plain-text, you can put the hashes in
> tac_plus.conf just like for regular login and enable.
>
> Simply copy the "login" line and do an s/login/pap/
>
> We have a substantial Nexus infrastructure here and that works just fine
> for us. No other authn changes were required. [As for authz - now that's a
> whole different story, that one took some work]
>
>
> --
> Alan McKinnon
> alan.mckinnon at gmail.com
>
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus
>
E-Mail to and from me, in connection with the transaction
of public business, is subject to the Wyoming Public Records
Act and may be disclosed to third parties.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20120726/271d017d/attachment.html>
More information about the tac_plus
mailing list