[tac_plus] Problem with TAC_PLUS and S/Key
Patrick Albert | GIP
patrick.albert at gip.com
Wed Jan 16 16:19:27 UTC 2013
Hello,
Like ninjabytes
(http://www.shrubbery.net/pipermail/tac_plus/2007-June/000097.html), I
have some trouble with "tac_plus with S/Key". Unfortunately, the
documentation about "tac_plus and S/Key" isn't really detailed.
The positive aspect:
tac_plus 4.0.4.26 works correctly (login on a NAS with cleartext
password: Done) and the libskey seems to work as well ("configure [...]
--with-skey" and the following "make" without error and the config
snippet "login = skey" was accepted while starting tac_plus).
I use the following config
user = fred {
default service = permit
login = skey
enable = skey
}
My question is now:
When I try to login as "fred" on my NAS, I see the message "Cannot
generate skey prompt for fred" in the tac_plus log file. In my opinion,
it's no wonder that this doesn't work because there is no password
configued for the user "fred" - and a skey challenge is build on a
sequence_no, seed and the users password, right? The user itself can
then calculate the response with the challenge string and its password.
So: Where can I enter the user's password for an skey authentication in
the tac_plus.conf?
Thanks in advance for your help,
Best regards,
Patrick Albert
--
Patrick Albert
__________________
*GIP Exyr GmbH*
Hechtsheimer Str. 35-37 | 55131 Mainz
Tel: +49 (0) 6131 / 80124 - 27 | Fax: +49 (0) 6131 / 80124 - 24
E-Mail: patrick.albert at gip.com <mailto:patrick.albert at gip.com> | Web:
www.gip.com <http://www.gip.com/>
Geschäftsführer: Dr. Bernd Reifenhäuser, Dr. Alexander Ebbes
Handelsregister: HRB 6870 - Amtsgericht Mainz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20130116/82e9e5c6/attachment.html>
More information about the tac_plus
mailing list