kravietz / pam_tacplus

TACACS+ protocol client library and PAM module in C. This PAM module supports authentication, authorization (account management) and accounting (session management) performed using the TACACS+ protocol designed by Cisco.
GNU Lesser General Public License v3.0

help needed #170

Closed starter-bee closed 2 years ago

starter-bee commented 2 years ago

Sorry for this 101 question. I extracted the 1.6.1 package on CentOS. I installed pam-devel. I installed the package with the following commands:

autoreconf -i
./configure && make && sudo make install

Edited /etc/pam.d/sshd as here:

[root@localhost pam_tacplus-1.6.1]# more
#%PAM-1.0
auth include tacacs
auth required pam_sepermit.so


Created a new file named tacacs in /etc/pam.d (/etc/pam.d/tacacs), containing:

[root@localhost pam_tacplus-1.6.1]# more /etc/pam.d/tacacs
#%PAM-1.0
auth sufficient /usr/local/lib/security/pam_tacplus.so debug server=10.20.40.99 secret=linux
account sufficient /usr/local/lib/security/pam_tacplus.so debug server=10.20.40.99 secret=linux service=shell protocol=ssh
session sufficient /usr/local/lib/security/pam_tacplus.so debug server=10.20.40.99 secret=linux service=shell protocol=ssh
[root@localhost pam_tacplus-1.6.1]#

I created a local user on CentOS. There is not a single TACACS authentication attempt to my TACACS server at 10.20.40.99 over an ssh connection attempt to my CentOS using this local user.

kravietz commented 2 years ago

@starter-bee This is because ssh is _not_ using /etc/pam.d/tacacs, most likely it's using /etc/pam.d/sshd (at least on my Ubuntu).
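A way to check this kind of problem, added here as an example (not code from pam_tacplus or from either commenter): it flattens the PAM stack of a service by following include/substack lines, so you can see which modules each management group of sshd actually reaches and whether pam_tacplus is ever invoked. The /etc/pam.d contents are constructed sample data modelled on the snippets in this issue, with account and session in sshd deliberately not including tacacs.

```python
import re

# Constructed /etc/pam.d contents modelled on the snippets in this issue
# (hypothetical sample data, not the reporter's real files).
SAMPLE_PAM_D = {
    "sshd": """#%PAM-1.0
auth include tacacs
auth required pam_sepermit.so
auth substack password-auth
account required pam_nologin.so
account include password-auth
session include password-auth
""",
    "tacacs": """#%PAM-1.0
auth sufficient /usr/local/lib/security/pam_tacplus.so debug server=10.20.40.99 secret=linux
account sufficient /usr/local/lib/security/pam_tacplus.so debug server=10.20.40.99 secret=linux service=shell protocol=ssh
session sufficient /usr/local/lib/security/pam_tacplus.so debug server=10.20.40.99 secret=linux service=shell protocol=ssh
""",
    "password-auth": """#%PAM-1.0
auth sufficient pam_unix.so nullok try_first_pass
auth required pam_deny.so
account required pam_unix.so
session required pam_unix.so
""",
}

# group, control flag, module path, optional module arguments
LINE_RE = re.compile(r"^(auth|account|password|session)\s+(\S+)\s+(\S+)\s*(.*)$")

def effective_stack(pam_d, service, group, depth=0):
    """Flatten one management group of a service, following include/substack,
    and return (control, module, args) tuples in the order PAM runs them."""
    if depth > 8:  # guard against a file that includes itself
        raise RecursionError(f"include loop while expanding {service}")
    stack = []
    for raw in pam_d.get(service, "").splitlines():
        m = LINE_RE.match(raw.split("#", 1)[0].strip())  # drop comments/blank lines
        if not m or m.group(1) != group:
            continue
        control, module, args = m.group(2), m.group(3), m.group(4)
        if control in ("include", "substack"):
            stack.extend(effective_stack(pam_d, module, group, depth + 1))
        else:
            stack.append((control, module, args))
    return stack

def tacplus_position(pam_d, service, group):
    """Index of pam_tacplus in the flattened stack, or -1 if it is never reached."""
    for i, (_, module, _) in enumerate(effective_stack(pam_d, service, group)):
        if module.endswith("pam_tacplus.so"):
            return i
    return -1
```

With this sample, pam_tacplus sits first in the sshd auth stack but is never reached for account or session, which is the kind of gap the debug output in the issue would not reveal.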