TACACS+ protocol client library and PAM module in C. This PAM module supports authentication, authorization (account management) and accounting (session management) performed using the TACACS+ protocol designed by Cisco.
Sorry for this 101 question.
I extracted the 1.6.1 package on CentOS.
I installed pam-devel.
I installed the package with the following commands:
autoreconf -i
./configure && make && sudo make install
Edited /etc/pam.d/sshd as follows:
[root@localhost pam_tacplus-1.6.1]# more
auth include tacacs
%PAM-1.0
auth required pam_sepermit.so
Created a new file named tacacs in /etc/pam.d: /etc/pam.d/tacacs, containing:
[root@localhost pam_tacplus-1.6.1]# more /etc/pam.d/tacacs
I created a local user on CentOS.
There is not a single TACACS authentication attempt to my TACACS server at 10.20.40.99 when I attempt an ssh connection to my CentOS machine using this local user.
@starter-bee This is because ssh is _not_ using /etc/pam.d: /etc/pam.d/tacacs; most likely it's using /etc/pam.d: /etc/pam.d/sshd (at least on my Ubuntu).
Sorry for this 101 question.
I extracted the 1.6.1 package on CentOS.
I installed pam-devel.
I installed the package with the following commands:
autoreconf -i
./configure && make && sudo make install
Edited /etc/pam.d/sshd as follows:
[root@localhost pam_tacplus-1.6.1]# more
auth include tacacs
%PAM-1.0
auth required pam_sepermit.so
Created a new file named tacacs in /etc/pam.d: /etc/pam.d/tacacs, containing:
[root@localhost pam_tacplus-1.6.1]# more /etc/pam.d/tacacs
%PAM-1.0
auth sufficient /usr/local/lib/security/pam_tacplus.so debug server=10.20.40.99 secret=linux
account sufficient /usr/local/lib/security/pam_tacplus.so debug server=10.20.40.99 secret=linux service=shell protocol=ssh
session sufficient /usr/local/lib/security/pam_tacplus.so debug server=10.20.40.99 secret=linux service=shell protocol=ssh
[root@localhost pam_tacplus-1.6.1]#
I created a local user on CentOS.
There is not a single TACACS authentication attempt to my TACACS server at 10.20.40.99 when I attempt an ssh connection to my CentOS machine using this local user.
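A PAM application consults the file named after its own service, so a module listed in /etc/pam.d/tacacs is only reached by services whose file pulls it in. As an added example (not part of the thread or of pam_tacplus), this Python sketch flattens a service's stack by following include, substack and Debian-style @include lines, which goes slightly beyond the CentOS case discussed here. The function names and the "sudo" file are assumptions, and the sample files are constructed from the thread's listings.

```python
import re
from pathlib import Path

# Constructed sample modelled on the listings in the thread; "sudo" is hypothetical.
SAMPLE = {
    "sshd": "auth include tacacs\n#%PAM-1.0\nauth required pam_sepermit.so\n",
    "tacacs": (
        "#%PAM-1.0\n"
        "auth sufficient /usr/local/lib/security/pam_tacplus.so debug server=10.20.40.99 secret=linux\n"
        "account sufficient /usr/local/lib/security/pam_tacplus.so debug server=10.20.40.99 secret=linux service=shell protocol=ssh\n"
    ),
    "sudo": "#%PAM-1.0\nauth required pam_unix.so\n",
}

# Fields: type, control (plain word or [bracketed list]), module or included file.
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def load_pam_d(directory="/etc/pam.d"):
    """Read every service file of a real system into the dict shape used below."""
    return {p.name: p.read_text(errors="replace")
            for p in Path(directory).iterdir() if p.is_file()}

def effective_stack(service, pam_type, files, _chain=()):
    """Flatten one service into [(file, control, module)] for pam_type."""
    if service in _chain or service not in files:   # include loop or missing file
        return []
    chain = _chain + (service,)
    stack = []
    for raw in files[service].splitlines():
        line = raw.split("#", 1)[0].strip()         # drop comments, incl. #%PAM-1.0
        if line.startswith("@include"):             # Debian/Ubuntu form, all types
            parts = line.split()
            if len(parts) == 2:
                stack += effective_stack(parts[1], pam_type, files, chain)
            continue
        m = RULE.match(line)
        if not m or m.group(1) != pam_type:
            continue
        control, target = m.group(2), m.group(3)
        if control in ("include", "substack"):
            stack += effective_stack(target, pam_type, files, chain)
        else:
            stack.append((service, control, target.rsplit("/", 1)[-1]))
    return stack

def reaches(service, pam_type, module, files):
    """True if `module` appears anywhere in the flattened stack for the service."""
    return any(mod == module for _, _, mod in effective_stack(service, pam_type, files))
```

On the sample, the sshd auth stack reaches pam_tacplus.so through the include, while the account line in the tacacs file is never consulted because the sshd file only includes it for auth.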