[tac_plus] DEFAULT user and PAM

Daniel Schmidt daniel.schmidt at wyo.gov
Wed Aug 24 15:32:49 UTC 2016


If you compile pamtester, does it work?

On Wed, Aug 24, 2016 at 2:07 AM, heasley <heas at shrubbery.net> wrote:

> Tue, Aug 23, 2016 at 03:20:45PM -0700, Michael Costello:
> > Hi tac_plus,
> >
> > I know this question has been asked before[0], but I have not been
> > able to find the answer.
> >
> > I have an Ubuntu 14.04 machine with tac_plus F4.0.4.26 installed
> > through apt.  The box is configured correctly for LDAP through SSSD (I
> > can ssh into it using LDAP credentials).  And I can authenticate to a
> > router against tacacs using LDAP credentials iff my username is
> > explicitly configured in tac_plus.conf.
> >
> > user = me {
> >     login = PAM
> >     member = admin
> > }
> >
> > User 'me' is not in /etc/passwd.  If however I remove the user and
> > attempt to use the default user
> >
> > user = DEFAULT {
> >     login = PAM
> >     member = admin
> > }
> >
> > I cannot authenticate:
> >
> > Tue Aug 23 21:47:53 2016 [10793]: Authenticating ACLs for user 'DEFAULT' instead of 'me'
> > Tue Aug 23 21:47:53 2016 [10793]: login query for 'me' ssh from 1.2.3.4 rejected
> >
> > Is there any way to resolve this through configuration or using a
> > later version (the changelog from 4.0.4.26 to 4.0.4.28 does not
> > mention anything in regards to this)?  Or is what I'm after simply not
> > supported?
>
> I do not know of any reason that this should not work and I'd expect it
> to be needed, but I'll have to build a test environment to test and debug.
>
> > mc
> >
> > [0]
> > http://www.shrubbery.net/pipermail/tac_plus/2010-February/000667.html
> > http://www.shrubbery.net/pipermail/tac_plus/2010-January/000662.html
> >
> > _______________________________________________
> > tac_plus mailing list
> > tac_plus at shrubbery.net
> > http://www.shrubbery.net/mailman/listinfo/tac_plus
>

-- 

E-Mail to and from me, in connection with the transaction 
of public business, is subject to the Wyoming Public Records 
Act and may be disclosed to third parties.