[tac_plus] tac_plus and PAM

[heasley]

Fri, Dec 20, 2013 at 10:18:01AM -0500, Tucker Jones:
> Hello,
> 
> I am setting up a Centos server to run tac_plus and am trying to use it with PAM. Currently, I am trying to use tac_plus to authenticate users who are VPN'ing into the network. The users are able to VPN in however, the pam_tally2 is indicating is a bad login and incrementing the attempts so after a period of time the user gets locked out. I am sure it is some step I have missed in my configuration. I have seen where some other people had a similar problem but, I haven't seen what their resolution was. I did look in the past archives but, I didn't see anything specific to this. I apologize if I missed it.
> 
> My current tac_plus.conf appears like this. I just started testing this so it is only slightly modified from the default currently.

Since tacacs is authenticating users normally until pam_tally blocks them, I
expect the problem is mostly likely not related to tacacs at all.  It is
probably your pam configuartion for tacacs.  presumably, its the order that
the module appears or some module it relies upon is missing.  Compare the
config to another pam config that uses this module.