[tac_plus] Extend "default authentication" using "PAM"
mkouhei at gmail.com
Wed Oct 30 17:10:52 UTC 2013
I customised tacplus related "default authentication" top level
directive to enable to use PAM.
The purpose of my change:
I usually manage user accounts of servers using LDAP.
I want to centrally manage an LDAP also account management of network
devices in the same way.
I looked at following note(*1),
and I understand that it is possible to manage with LDAP through PAM modules
using "login = PAM" in each group directive or each user directive.
But This method required to change tac_plus.conf when adding or removing users.
I want to manage using only LDAP.
So, I have to be able to use the PAM in the default authentication.
This change eliminates the need for user management in tacplus.
I attach the patch for "F188.8.131.52" version.
This version is the same version of tacacs + package of Debian GNU /
Linux Sid current. (184.108.40.206-3)
In addition, I've created a patch to the version for the Debian GNU /
for use in the production environment normal. (220.127.116.11-11)
I have published these unofficial Debian source package patched on
GitHub. (*2, *3)
*2: for Sid
*3: for Wheezy
If thats ok, would you merge my patch?
Kouhei Maeda <mkouhei at gmail.com | palmtb.net >
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3535 bytes
Desc: not available
More information about the tac_plus