pam_tacplus(ver 1.5.1) IPv6 - Password is always set as "INCORRECT" for non-local user

[rajeevghosh2000]

I installed pam_tacplus ver 1.5.1 and configured TACACS Client to send request to TACACS server in IPv6 . But when a local user(present in /etc/passwd) logs in, I can see in TACACS Authentication request , Password field is same as the user typed. whereas if the user is non-local user then , in TACACS Authentication , Password is always "\b\n\r\177INCORRECT\b\n\r" irrespective of what the user types in

Following is /etc/nsswitch.conf: passwd: files tacplus [NOTFOUND=return] db shadow: files tacplus [NOTFOUND=return] db group: files tacplus [NOTFOUND=return] db

Pkg information: pam_tacplus-1.5.1-1.x86_64 nss_tacplus-2.0-1.x86_64

Please help on this

[akhileshsingh-saithwar]

I installed pam_tacplus ver 1.5.1 and configured TACACS Client to send request to TACACS server in IPv6 . But when a local user(present in /etc/passwd) logs in, I can see in TACACS Authentication request , Password field is same as the user typed. whereas if the user is non-local user then , in TACACS Authentication , Password is always "\b\n\r\177INCORRECT\b\n\r" irrespective of what the user types in

Following is /etc/nsswitch.conf: passwd: files tacplus [NOTFOUND=return] db shadow: files tacplus [NOTFOUND=return] db group: files tacplus [NOTFOUND=return] db

Pkg information: pam_tacplus-1.5.1-1.x86_64 nss_tacplus-2.0-1.x86_64

Please help on this

Hi Rajeev,

I was also facing the similar issue for remote user. Here is the work around "https://github.com/donapieppo/libnss-ato".

[kravietz]

Seems to be NSS not pam_tacplus issue