[tac_plus] tacacs+ for console logins

Vyasraj (ವ್ಯಾಸರಾಜ) vyasraj at gmail.com
Fri Dec 14 07:28:25 UTC 2018


Hello there,

First of all thanks a lot for helping us in setting up tacacs access in our
systems.

We have enabled tacacs access to our server with 3 tacacs server
details:

auth    [success=done default=bad authinfo_unavail=bad ignore=ignore] /lib/security/pam_tacplus.so server=1.1.1.1 secret=test1234 debug
account [success=done default=bad ignore=ignore] /lib/security/pam_tacplus.so server=192.168.5.10 secret=test1234 service=test protocol=ssh debug
auth    [success=done default=bad authinfo_unavail=bad ignore=ignore] /lib/security/pam_tacplus.so server=2.2.2.2 secret=test 111 debug
account [success=done default=bad ignore=ignore] /lib/security/pam_tacplus.so server=2.2.2.2 secret=test 111 service=test protocol=ssh debug
auth    [success=done default=bad authinfo_unavail=bad ignore=ignore] /lib/security/pam_tacplus.so server=3.3.3.3 secret=test 222 debug
account [success=done default=bad ignore=ignore] /lib/security/pam_tacplus.so server=3.3.3.3 secret=test 222 service=test protocol=ssh debug
auth    [success=done default=bad authinfo_unavail=bad ignore=ignore] /lib/security/pam_tacplus.so server=4.4.4.4 secret=test 333 debug
account [success=done default=bad ignore=ignore] /lib/security/pam_tacplus.so server=4.4.4.4 secret=test 333 service=test protocol=ssh debug

For sshd, all the servers are tried one after the other and login falls
back to local. When we log in through the serial console, it's observed that for
each tacacs+ server we need to enter the password. Hence, for 4 servers in the
file, we end up entering the password 4 times.

Is there a way we can overcome this and make the behaviour similar to that
of sshd?

Thanks
Vyasraj
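As an added illustration, not part of the original message or of the pam_tacplus project, here is a PAM stack in the same shape as the one posted above where only the first pam_tacplus entry prompts and the later entries reuse the password already collected. It relies on pam_tacplus's use_first_pass / try_first_pass options (listed in the module's README); the server addresses are the ones from the message and the secrets are placeholders. The likely reason sshd prompts once is that sshd's password authentication answers every module's prompt from the password it already holds, whereas a console login really runs the conversation for each module, so each auth line asks again.

```text
# /etc/pam.d/login (example stack, not the poster's file)
# First entry prompts; every later entry takes the password from the stack
# instead of prompting. try_first_pass still prompts if nothing was stored,
# so it is the safer choice when an earlier entry could exit without asking.
auth    [success=done default=bad authinfo_unavail=bad ignore=ignore] /lib/security/pam_tacplus.so server=1.1.1.1 secret=PLACEHOLDER_SECRET_1 debug
auth    [success=done default=bad authinfo_unavail=bad ignore=ignore] /lib/security/pam_tacplus.so server=2.2.2.2 secret=PLACEHOLDER_SECRET_2 try_first_pass debug
auth    [success=done default=bad authinfo_unavail=bad ignore=ignore] /lib/security/pam_tacplus.so server=3.3.3.3 secret=PLACEHOLDER_SECRET_3 try_first_pass debug
auth    [success=done default=bad authinfo_unavail=bad ignore=ignore] /lib/security/pam_tacplus.so server=4.4.4.4 secret=PLACEHOLDER_SECRET_4 try_first_pass debug
# local fallback stays after the tacacs entries, exactly as in the posted stack
auth    required /lib/security/pam_unix.so try_first_pass

# account entries are unchanged: they run after authentication and do not
# prompt, so the repeated-password symptom comes only from the auth lines.
account [success=done default=bad ignore=ignore] /lib/security/pam_tacplus.so server=1.1.1.1 secret=PLACEHOLDER_SECRET_1 service=test protocol=ssh debug
```

Two things worth checking on the host once this is in place: first, that a console login with a wrong password is still refused by every server in turn (the default=bad control means a failure on server 1 moves on to server 2 with the same stored password, which is the same behaviour the message describes for sshd); second, that the debug lines in the auth log show one prompt followed by the per-server attempts, which is the quickest way to confirm the stored password is actually being reused rather than re-requested.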