[tac_plus] tac_plus coring Under FreeBSD 10.3-AMD64 with pam

Dan Mahoney dmahoney at isc.org
Thu Jul 27 09:54:03 UTC 2017


All,

This is a bit bewildering.  We have two systems running tac_plus, and after an upgrade to 10.3, tac_plus no longer wants to speak to PAM/Kerberos

Weirdly, the error we get when it dies seems to come from Kerberos, since the string “sha1 checksum failed” is not in any of the tac_plus code.

I’ve managed to fix this by installing an alternate pam_krb5 instead of the base one, but it’s still an odd error.

How could I collect more info to help debug this?

/usr/local/sbin/tac_plus -g -d 16 -d 32 -d 8 -C /usr/local/etc/tac_plus.conf -t -U root
Reading config
Version F4.0.4.28 Initialized 1
tac_plus server F4.0.4.28 starting
socket FD 5 AF 28
socket FD 7 AF 2
uid=0 euid=0 gid=559 egid=559 s=33649520
connect from 149.20.60.11 [149.20.60.11]
pam_verify dmahoney
pam_tacacs received 1 pam_messages
149.20.60.11 unknown-port: PAM_PROMPT_ECHO_OFF
tac_plus: sha1 checksum failed
Abort


More information about the tac_plus mailing list