[tac_plus] using a passwd file

Munroe Sollog mus3 at Lehigh.EDU
Fri Apr 11 14:57:32 UTC 2014



I'm working on getting tacacs+ configured to use a passwd file.  I've created a temporary one with
a dummy password for testing:

luser:$1$96948aad$3z1Q25KrTmwzEJvEaAEfw.:15322:0:99999:7:::


However, when I try to log in using the file I get the following debug lines:

connect from 192.168.4.12 [192.168.4.12]
tac_passwd_lookup: open /usr/local/etc/tac_passwd_file 6
tac_passwd_lookup: close /usr/local/etc/tac_passwd_file 6
verify barfoo $1$96948aad$3z1Q25KrTmwzEJvEaAEfw.
barfoo encrypts to $1$96948aad$3z1Q25KrTmwzEJvEaAEfw.
Password is correct
Password has expired ::
login query for 'luser' port tty1 from 192.168.4.12 rejected
login failure: luser 192.168.4.12 (192.168.4.12) tty1


My understanding of the shadow file notation is that '99999' should be 'days until password expires'.

I checked the date on both the device and the server; they are synced correctly.

Here is the stanza for that user in my conf:

user = luser{
     default service = permit
#     login = cleartext barfoo
     login = file /usr/local/etc/tac_passwd_file
     service = exec {
             priv-lvl = 15
             }
}
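Added example, not part of the original post and not tac_plus code: it splits the posted line both as a nine-field shadow(5) entry and as a seven-field passwd(5) entry, to show which text lands in the final field under each reading. That tac_plus reads the file in the passwd(5) layout and takes its expiry value from the last field is an assumption made here; the function names are hypothetical.

```python
from datetime import date, timedelta

# Field names from passwd(5) and shadow(5).
PASSWD_FIELDS = ["name", "passwd", "uid", "gid", "gecos", "dir", "shell"]
SHADOW_FIELDS = ["name", "passwd", "lastchg", "min", "max", "warn",
                 "inactive", "expire", "reserved"]

# The entry quoted in the post.
LINE = "luser:$1$96948aad$3z1Q25KrTmwzEJvEaAEfw.:15322:0:99999:7:::"

EPOCH = date(1970, 1, 1)


def split_as_passwd(line):
    """Split into seven fields; anything past the sixth colon stays in the last one."""
    parts = line.rstrip("\n").split(":", len(PASSWD_FIELDS) - 1)
    if len(parts) != len(PASSWD_FIELDS):
        raise ValueError("fewer than seven colon-separated fields")
    return dict(zip(PASSWD_FIELDS, parts))


def split_as_shadow(line):
    """Split into exactly nine shadow(5) fields."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(SHADOW_FIELDS):
        raise ValueError("not a nine-field shadow(5) entry")
    return dict(zip(SHADOW_FIELDS, parts))


def shadow_aging_deadline(entry):
    """Date the password ages out under shadow(5): lastchg + max days after
    1970-01-01. Returns None when either field is empty (aging disabled)."""
    if not entry["lastchg"] or not entry["max"]:
        return None
    return EPOCH + timedelta(days=int(entry["lastchg"]) + int(entry["max"]))


if __name__ == "__main__":
    as_shadow = split_as_shadow(LINE)
    as_passwd = split_as_passwd(LINE)
    print("shadow(5) reading: max =", as_shadow["max"],
          "-> ages out", shadow_aging_deadline(as_shadow))
    # Assumption: a passwd(5)-style reader treats this last field as the expiry value.
    print("passwd(5) reading: last field =", repr(as_passwd["shell"]))
```

Read as passwd(5), the final field of the posted line is the literal string `::`, the same text that follows "Password has expired" in the debug output above.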

