[tac_plus] using a passwd file

Munroe Sollog mus3 at Lehigh.EDU
Fri Apr 11 18:10:47 UTC 2014


I found a few other posts talking about this problem and it looks like if I use the /etc/passwd
format *not* the /etc/shadow format and replace the 'x' with the actual hash, the authentication
seems to work correctly.


On 04/11/2014 10:57 AM, Munroe Sollog wrote:
> I'm working on getting tacacs+ configured to use a passwd file.  I've created a temporary one
> with a dummy password for testing:
> 
> luser:$1$96948aad$3z1Q25KrTmwzEJvEaAEfw.:15322:0:99999:7:::
> 
> 
> However, when I try to log in using the file I get the following debug lines:
> 
> connect from 192.168.4.12 [192.168.4.12]
> tac_passwd_lookup: open /usr/local/etc/tac_passwd_file 6
> tac_passwd_lookup: close /usr/local/etc/tac_passwd_file 6
> verify barfoo $1$96948aad$3z1Q25KrTmwzEJvEaAEfw.
> barfoo encrypts to $1$96948aad$3z1Q25KrTmwzEJvEaAEfw.
> Password is correct
> Password has expired ::
> login query for 'luser' port tty1 from 192.168.4.12 rejected
> login failure: luser 192.168.4.12 (192.168.4.12) tty1
> 
> 
> My understanding of the shadow file notation is that '99999' should be 'days until password
> expires'
> 
> I checked the date on both the device and the server; they are synced correctly.
> 
> Here is the stanza for that user in my conf:
> 
> user = luser{
>     default service = permit
> #     login = cleartext barfoo
>     login = file /usr/local/etc/tac_passwd_file
>     service = exec {
>         priv-lvl = 15
>     }
> }
> 

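Added example, not part of the original message or of tac_plus: a small Python check for a password file like the one discussed above. It classifies entries by field count (seven for passwd(5), nine for shadow(5)), flags placeholder password fields such as 'x', and shows that reading the quoted entry as seven fields leaves '::' in the last one, the same string that follows "Password has expired" in the debug output. The function names and sample lines 2-3 are constructed for illustration.

```python
import os
import stat

PLACEHOLDERS = {"x", "*", "!", ""}  # password-field values that hold no usable hash

def classify(line):
    """Name the layout of one entry by its colon-separated field count."""
    n = len(line.rstrip("\n").split(":"))
    return {7: "passwd(5)", 9: "shadow(5)"}.get(n, f"unknown ({n} fields)")

def as_passwd_fields(line):
    """Split an entry into at most seven fields, as a passwd(5) reader would.
    Illustration only; this is not tac_plus's own parser."""
    return line.rstrip("\n").split(":", 6)

def lint(lines):
    """Return (lineno, user, problem) for entries a passwd(5)-format reader would misread."""
    findings = []
    for no, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        layout = classify(line)
        fields = as_passwd_fields(line)
        if layout != "passwd(5)":
            findings.append((no, fields[0],
                             f"{layout} layout; last passwd field reads {fields[-1]!r}"))
        elif fields[1] in PLACEHOLDERS:
            findings.append((no, fields[0],
                             f"password field {fields[1]!r} is a placeholder, not a hash"))
    return findings

def group_or_world_readable(path):
    """True if group or other can read the file, which now stores the hashes itself."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))

# Constructed sample: line 1 is the entry quoted in the post, lines 2-3 are made up.
SAMPLE = [
    "luser:$1$96948aad$3z1Q25KrTmwzEJvEaAEfw.:15322:0:99999:7:::",
    "luser2:x:1001:1001:Test User:/home/luser2:/bin/sh",
    "luser3:$1$96948aad$3z1Q25KrTmwzEJvEaAEfw.:1002:1002:Test User:/home/luser3:/bin/sh",
]

if __name__ == "__main__":
    for no, user, problem in lint(SAMPLE):
        print(f"line {no}: {user}: {problem}")
```

Because the hashes sit directly in this file rather than in /etc/shadow, group_or_world_readable() is worth running against the real path as well.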

