[tac_plus] Rehash, PAM as default auth
Brandon Ewing
nicotine at warningg.com
Wed Mar 7 22:05:09 UTC 2012
On Wed, Mar 07, 2012 at 02:48:59PM -0700, Daniel Schmidt wrote:
> I think it was incorporated. (or somebody correct me) I'm thinking the
> syntax you want would be:
>
> default authentication = PAM
tac_plus F4.0.4.19 throws an error on this line, which is why I think a
patch is necessary -- I could've sworn there was one, but I can't find it.
>
> user = DEFAULT {
> member = silly_group
> }
>
> group = silly_group {
> default service = permit
> //services, do_auth, & whatever else
> }
This seems about right.
>
> If you get it working, you may consider writing a howto. Some people have
> offered advice, but I don't think anybody has written a detailed "howto"
> especially one geared toward the "ldap-clueless."
Definitely consider that. I already have incorporated a patch or two into
my tac_plus installation (mostly just using the user's auth for enable
password as well, for ASA devices), and need to write up support docs
internally anyway.
--
Brandon Ewing (nicotine at warningg.com)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20120307/0a892136/attachment.bin>
More information about the tac_plus
mailing list