Closed aridhaa closed 2 years ago
@aridhaa The authorisation decision is made on the TACACS+ server and pam_tacplus just proxies the responses, so I don't think this can be diagnosed without server config. Please reopen this issue if you think this can be diagnosed any further.
Hi team, I'm trying to implement PAM with CentOS 8.3. Everything is working fine as expected (installation and configuration), but I have an issue with authorization: whatever service is configured on the TACACS+ side, the authorization passes and the user is logged in. Even for users that have no service configured at all, the user is authorized to log in. Here are my config files:
sshd file

```
#%PAM-1.0
auth       include      tacacs
auth       required     pam_sepermit.so
auth       include      password-auth
account    required     pam_nologin.so
account    include      tacacs
account    include      password-auth
password   include      password-auth
session    required     pam_selinux.so close
session    required     pam_loginuid.so
session    required     pam_selinux.so open env_params
session    optional     pam_keyinit.so force revoke
session    include      tacacs
session    include      password-auth
```
tacacs file

```
#%PAM-1.0
auth       sufficient   /usr/local/lib/security/pam_tacplus.so debug server=192.168.169.140 secret=p1atf0rm
account    sufficient   /usr/local/lib/security/pam_tacplus.so debug server=192.168.169.140 secret=XXXXXXX Service=ppp protocol=ssh
session    sufficient   /usr/local/lib/security/pam_tacplus.so debug server=192.168.169.140 secret=XXXXXXX Service=ppp protocol=ssh
```
Any ideas, please? And has anyone made this work with authorization?