[tac_plus] Rehash, PAM as default auth
Jon Nathan
jnathan at salesforce.com
Thu Mar 8 15:20:10 UTC 2012
http://www.shrubbery.net/pipermail/tac_plus/2011-May/000882.html
-Jon
On 3/7/12 5:05 PM, "Brandon Ewing" <nicotine at warningg.com> wrote:
> On Wed, Mar 07, 2012 at 02:48:59PM -0700, Daniel Schmidt wrote:
>> I think it was incorporated. (or somebody correct me) I'm thinking the
>> syntax you want would be:
>>
>> default authentication = PAM
>
> tac_plus F4.0.4.19 throws an error on this line, which is why I think a
> patch is necessary -- I could've sworn there was one, but I can't find it.
>
>>
>> user = DEFAULT {
>> member = silly_group
>> }
>>
>> group = silly_group {
>> default service = permit
>> //services, do_auth, & whatever else
>> }
>
> This seems about right.
>
>>
>> If you get it working, you may consider writing a howto. Some people have
>> offered advice, but I don't think anybody has written a detailed "howto"
>> especially one geared toward the "ldap-clueless."
>
> Definitely consider that. I already have incorporated a patch or two into
> my tac_plus installation (mostly just using the user's auth for enable
> password as well, for ASA devices), and need to write up support docs
> internally anyway.
>
> --
> Brandon Ewing (nicotine at warningg.com)
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: not available
> Type: application/pgp-signature
> Size: 189 bytes
> Desc: not available
> URL:
> <http://www.shrubbery.net/pipermail/tac_plus/attachments/20120307/0a892136/att
> achment.bin>
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus
>
More information about the tac_plus
mailing list