[tac_plus] Rehash, PAM as default auth
Daniel Schmidt
daniel.schmidt at wyo.gov
Wed Mar 7 21:48:59 UTC 2012
I think it was incorporated. (or somebody correct me) I'm thinking the
syntax you want would be:
default authentication = PAM
user = DEFAULT {
member = silly_group
}
group = silly_group {
default service = permit
//services, do_auth, & whatever else
}
If you get it working, you may consider writing a howto. Some people have
offered advice, but I don't think anybody has written a detailed "howto"
especially one geared toward the "ldap-clueless."
-----Original Message-----
From: tac_plus-bounces at shrubbery.net
[mailto:tac_plus-bounces at shrubbery.net] On Behalf Of Brandon Ewing
Sent: Wednesday, March 07, 2012 2:10 PM
To: tac_plus at shrubbery.net
Subject: [tac_plus] Rehash, PAM as default auth
Greetings,
I've searched for a few hours now, on the list and in Google, but can't
seem to find my answer. I seem to remember there being a patch to allow
default authentication = PAM <servicename>
in the TACACS configuration file, and then defining a
user = <DEFAULT> {
}
authorization stanza to handle device and command authorization.
Despite all my googlin's, I am uanble to find any reference to this patch.
Can anyone provide some pointers?
--
Brandon Ewing
(nicotine at warningg.com)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL:
<http://www.shrubbery.net/pipermail/tac_plus/attachments/20120307/fde40bfb
/attachment.bin>
_______________________________________________
tac_plus mailing list
tac_plus at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus
E-Mail to and from me, in connection with the transaction
of public business, is subject to the Wyoming Public Records
Act and may be disclosed to third parties.
More information about the tac_plus
mailing list