[tac_plus] tacacs+ for console logins
Vyasraj (ವ್ಯಾಸರಾಜ)
vyasraj at gmail.com
Fri Dec 14 07:28:25 UTC 2018
Hello there,
First of all thanks a lot for helping us in setting up tacacs access in our
systems.
We've enabled tacacs access to our server with 3 tacacs server
details:
auth [success=done default=bad authinfo_unavail=bad ignore=ignore] /lib/security/pam_tacplus.so server=1.1.1.1 secret=test1234 debug
account [success=done default=bad ignore=ignore] /lib/security/pam_tacplus.so server=192.168.5.10 secret=test1234 service=test protocol=ssh debug
auth [success=done default=bad authinfo_unavail=bad ignore=ignore] /lib/security/pam_tacplus.so server=2.2.2.2 secret=test 111 debug
account [success=done default=bad ignore=ignore] /lib/security/pam_tacplus.so server=2.2.2.2 secret=test 111 service=test protocol=ssh debug
auth [success=done default=bad authinfo_unavail=bad ignore=ignore] /lib/security/pam_tacplus.so server=3.3.3.3 secret=test 222 debug
account [success=done default=bad ignore=ignore] /lib/security/pam_tacplus.so server=3.3.3.3 secret=test 222 service=test protocol=ssh debug
auth [success=done default=bad authinfo_unavail=bad ignore=ignore] /lib/security/pam_tacplus.so server=4.4.4.4 secret=test 333 debug
account [success=done default=bad ignore=ignore] /lib/security/pam_tacplus.so server=4.4.4.4 secret=test 333 service=test protocol=ssh debug
For sshd, all the servers are tried one after the other and login falls
back to local. When we log in through the serial console, it's observed that for
each tacacs+ server, we need to enter the password. Hence for 4 servers in the
file, we end up entering the password 4 times.
Is there a way we can overcome this and make it behave similarly to
sshd?
Thanks
Vyasraj