[tac_plus] PAM for enable authentication

Christopher J. Pilkington cjp at 0x1.net
Mon Feb 10 21:29:29 UTC 2014


I'm attempting to use tac_plus for authentication for our firewalls
which do not support the "priv-lvl" method of auto-enabling users.

We normally use PAM for authentication.

We thought of doing enable = nopassword, but there is an attack where a
user can enable as themselves, then disable, then enable as another
user without a password.

I see enable only supports file, cleartext, nopassword or des. Would it
be possible for it to support PAM?

Thanks,
-cjp


