[tac_plus] DEFAULT user and PAM
heasley
heas at shrubbery.net
Wed Aug 24 08:07:26 UTC 2016
Tue, Aug 23, 2016 at 03:20:45PM -0700, Michael Costello:
> Hi tac_plus,
>
> I know this question has been asked before[0], but I have not been
> able to find the answer.
>
> I have an Ubuntu 14.04 machine with tac_plus F4.0.4.26 installed
> through apt. The box is configured correctly for LDAP through SSSD (I
> can ssh into it using LDAP credentials). And I can authenticate to a
> router against tacacs using LDAP credentials iff my username is
> explicitly configured in tac_plus.conf.
>
> user = me {
> login = PAM
> member = admin
> }
>
> User 'me' is not in /etc/passwd. If however I remove the user and
> attempt to use the default user
>
> user = DEFAULT {
> login = PAM
> member = admin
> }
>
> I cannot authenticate:
>
> Tue Aug 23 21:47:53 2016 [10793]: Authenticating ACLs for user
> 'DEFAULT' instead of 'me'
> Tue Aug 23 21:47:53 2016 [10793]: login query for 'me' ssh from 1.2.3.4 rejected
>
> Is there any way to resolve this through configuration or using a
> later version (the changelog from 4.0.4.26 to 4.0.4.28 does not
> mention anything in regards to this)? Or is what I'm after simply not
> supported?
I do not know of any reason that this should not work and i'd expect it
to be needed, but I'll have to build a test environment to test and debug.
> mc
>
> [0]
> http://www.shrubbery.net/pipermail/tac_plus/2010-February/000667.html
> http://www.shrubbery.net/pipermail/tac_plus/2010-January/000662.html
>
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/tac_plus
More information about the tac_plus
mailing list