[tac_plus] TACACS+ Authorization via LDAP

Daniel Schmidt daniel.schmidt at wyo.gov
Thu Nov 7 15:52:56 UTC 2013


What would you authorize on?  Privilege level or commands?  I'm trying to
imagine how ldap authorization would work.


On Wed, Nov 6, 2013 at 8:54 PM, Sachin.6.Gupta
<SG00123446 at techmahindra.com> wrote:

> Thanks Heas for clarifying.
>
> However, I need the following: Authentication via LDAP (using PAM I
> guess) and Authorization and Accounting as it happens.
> But for Authorization how would I configure Users and Groups in TACACS+
> when the same would be configured in LDAP.
>
> Is there a how-to link for this? Authentication via LDAP and Authorization
> also?
>
> TIA
>
> -----Original Message-----
> From: heasley [mailto:heas at shrubbery.net]
> Sent: Wednesday, November 06, 2013 10:39 PM
> To: Sachin.6.Gupta
> Cc: heasley; tac_plus at shrubbery.net
> Subject: Re: [tac_plus] TACACS+ Authorization via LDAP
>
> Wed, Nov 06, 2013 at 12:12:22PM +0530, Sachin.6.Gupta:
> > I found one link which states that Authorization via LDAP is not possible.
> > http://www.shrubbery.net/pipermail/tac_plus/2009-January/000332.html
> >
> > Quote:
> > "Currently, tac_plus only allows authentication using pam (since pam is
> > only used for authentication anyway). Authorizations are still configured
> > within the conf file, no ldap groups allowed :("
>
> sorry, i misread it - there is no facility for authorization via pam (or
> ldap).
>
> > Regards
> >
> > -----Original Message-----
> > From: tac_plus-bounces at shrubbery.net [mailto:tac_plus-bounces at shrubbery.net] On Behalf Of Sachin.6.Gupta
> > Sent: Wednesday, November 06, 2013 12:07 PM
> > To: heasley
> > Cc: tac_plus at shrubbery.net
> > Subject: Re: [tac_plus] TACACS+ Authorization via LDAP
> >
> > Thanks. Can you please provide more details on using PAM (LDAP) for
> > Authorization?
> > Any links or mails would be helpful.
> >
> > -----Original Message-----
> > From: heasley [mailto:heas at shrubbery.net]
> > Sent: Wednesday, November 06, 2013 12:05 PM
> > To: Sachin.6.Gupta
> > Cc: tac_plus at shrubbery.net
> > Subject: Re: [tac_plus] TACACS+ Authorization via LDAP
> >
> > Wed, Nov 06, 2013 at 11:02:46AM +0530, Sachin.6.Gupta:
> > > Hi All,
> > >
> > > Is it possible to do TACACS+ Authorization via LDAP?
> > > I know that Authentication can be done via LDAP, but is TACACS+
> > > authorization also possible?
> >
> > yes, via PAM.
> >
> >
> ============================================================================
> Disclaimer:
> This message and the information contained herein is proprietary and
> confidential and subject to the Tech Mahindra policy statement, you may
> review the policy at http://www.techmahindra.com/Disclaimer.html
> externally and http://tim.techmahindra.com/tim/disclaimer.html
> internally within Tech Mahindra.
> ============================================================================
> > _______________________________________________
> > tac_plus mailing list
> > tac_plus at shrubbery.net
> > http://www.shrubbery.net/mailman/listinfo/tac_plus


E-Mail to and from me, in connection with the transaction 
of public business, is subject to the Wyoming Public Records 
Act and may be disclosed to third parties.
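
Added example, not part of the thread and not the tac_plus project's own configuration: a tac_plus.conf fragment showing the split described above, with the password check handed to PAM while authorization (by privilege level or by command, the two options asked about) is still declared in the conf file. The user names, group names, key and accounting path are assumptions, and `login = PAM` needs a tac_plus build with PAM support.

```conf
# Shared secret between the daemon and the network devices (placeholder).
key = "REPLACE_WITH_SHARED_SECRET"

# Accounting records are written locally by the daemon (assumed path).
accounting file = /var/log/tac_plus.acct

# Authorization by privilege level: members get a level-15 exec session
# and services/commands not listed here are permitted.
group = netadmin {
    default service = permit
    service = exec {
        priv-lvl = 15
    }
}

# Authorization by command: no "default service = permit", so only the
# commands listed below are authorized for members of this group.
group = netops {
    service = exec {
        priv-lvl = 1
    }
    cmd = show {
        permit .*
    }
    cmd = ping {
        permit .*
    }
    cmd = exit {
        permit .*
    }
}

# Hypothetical users. The password is verified through the host's PAM stack
# (which can point at LDAP); group membership is declared here, not read
# from LDAP, so every LDAP account that should log in needs a stanza.
user = alice {
    login = PAM
    member = netadmin
}

user = bob {
    login = PAM
    member = netops
}
```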