PAM Tacacs Authentications
Brian E. Seppanen


08-23-04 10:55 PM

I am working on using pam_tacplus to authenticate a Linux host and
several Solaris hosts to a CiscoSecure ACS Server. In the current
configuration I can authenticate if the tacacs server is down -- but the
network connectivity to the host has to be available or authentication
times out. Here is a sample sshd configuration from /etc/pam.conf:

sshd auth required pam_nologin.so
sshd auth [ success=done new_authtok_reqd=done authinfo_unavail=reset default=reset ] pam_tacplus.so first_hit server=192.168.1.1 server=192.168.1.2 secret=secret encrypt
sshd auth [ success=done new_authtok_reqd=done ignore=ignore default=die ] pam_unix2.so use_first_pass
sshd auth required pam_deny.so
sshd account required pam_permit.so
sshd session required pam_limits.so
sshd session required pam_permit.so


In this test configuration 192.168.1.1 is not up, because I want to test
fall through.   I want it to attempt tacacs+ auth against 192.168.1.1
and 2, and fall through to using local authentication.

In the case of 192.168.1.1 and 192.168.1.2 not being up, it will not
fall through to local authentication.

In the case of 192.168.1.1 being set to 192.168.1.3, which is up but
does not run a tacacs+ server, authentication will fall through.
Therefore, I have something that I'm missing in my configuration that
should tell the tacacs authentication that it should reset if one or
both of the servers are down.

Any suggestions appreciated.   Now that I've posted for the world, I
think the solution should occur to me in five minutes...

Thanks,
Brian Seppanen
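
The control logic of the auth stack above, as an added example that is not part of the original post: a simplified Python model of how Linux-PAM's documented bracketed actions (ok, done, bad, die, ignore, reset) combine. The return code of each module is an input chosen by the caller (an assumption, not observed pam_tacplus behaviour), and run_stack is a hypothetical helper name.

```python
# Added example: simplified model of Linux-PAM bracketed-control evaluation.
# Module return codes are inputs (assumptions), not observed behaviour.
REQUIRED = {"success": "ok", "new_authtok_reqd": "ok",
            "ignore": "ignore", "default": "bad"}

# The sshd auth stack from the post, top to bottom.
STACK = [
    ("pam_nologin", REQUIRED),
    ("pam_tacplus", {"success": "done", "new_authtok_reqd": "done",
                     "authinfo_unavail": "reset", "default": "reset"}),
    ("pam_unix2", {"success": "done", "new_authtok_reqd": "done",
                   "ignore": "ignore", "default": "die"}),
    ("pam_deny", REQUIRED),
]

def run_stack(tacplus, unix2, nologin="success"):
    """Return (final_status, trace) for the assumed module return codes."""
    returns = {"pam_nologin": nologin, "pam_tacplus": tacplus,
               "pam_unix2": unix2, "pam_deny": "auth_err"}
    impression, status, trace = "undef", "must_fail", []
    for name, control in STACK:
        ret = returns[name]
        action = control.get(ret, control["default"])
        trace.append((name, ret, action))
        if action == "reset":            # forget everything decided so far
            impression, status = "undef", "must_fail"
        elif action in ("ok", "done"):
            if impression == "undef" or (impression == "positive" and status == "success"):
                impression, status = "positive", ret
            if action == "done" and impression == "positive":
                break                    # stop: stack succeeded here
        elif action in ("bad", "die"):
            if impression != "negative":
                impression = "negative"
                status = "must_fail" if ret == "ignore" else ret
            if action == "die":
                break                    # stop: stack failed here
        # action "ignore": module has no effect on the result
    if status == "success" and impression != "positive":
        status = "must_fail"
    return status, trace

if __name__ == "__main__":
    for tac in ("success", "auth_err", "authinfo_unavail"):
        for local in ("success", "auth_err"):
            print(tac, local, "->", run_stack(tac, local)[0])
```

The model only covers what happens once pam_tacplus has returned a code; time spent waiting on an unreachable server is outside it. It also shows that reset discards a failure already recorded by pam_nologin, so run_stack("authinfo_unavail", "success", nologin="auth_err") ends in success.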







All times are GMT.