[tac_plus] DEFAULT user and PAM

heasley heas at shrubbery.net
Wed Aug 24 08:07:26 UTC 2016


Tue, Aug 23, 2016 at 03:20:45PM -0700, Michael Costello:
> Hi tac_plus,
> 
> I know this question has been asked before[0], but I have not been
> able to find the answer.
> 
> I have an Ubuntu 14.04 machine with tac_plus F4.0.4.26 installed
> through apt.  The box is configured correctly for LDAP through SSSD (I
> can ssh into it using LDAP credentials).  And I can authenticate to a
> router against tacacs using LDAP credentials iff my username is
> explicitly configured in tac_plus.conf.
> 
> user = me {
>     login = PAM
>     member = admin
> }
> 
> User 'me' is not in /etc/passwd.  If however I remove the user and
> attempt to use the default user
> 
> user = DEFAULT {
>     login = PAM
>     member = admin
> }
> 
> I cannot authenticate:
> 
> Tue Aug 23 21:47:53 2016 [10793]: Authenticating ACLs for user 'DEFAULT' instead of 'me'
> Tue Aug 23 21:47:53 2016 [10793]: login query for 'me' ssh from 1.2.3.4 rejected
> 
> Is there any way to resolve this through configuration or using a
> later version (the changelog from 4.0.4.26 to 4.0.4.28 does not
> mention anything in regards to this)?  Or is what I'm after simply not
> supported?

I do not know of any reason that this should not work and I'd expect it
to be needed, but I'll have to build a test environment to test and debug.

> mc
> 
> [0]
> http://www.shrubbery.net/pipermail/tac_plus/2010-February/000667.html
> http://www.shrubbery.net/pipermail/tac_plus/2010-January/000662.html


