kravietz / pam_tacplus

TACACS+ protocol client library and PAM module in C. This PAM module supports authentication, authorization (account management) and accounting (session management) performed using the TACACS+ protocol designed by Cisco.
GNU Lesser General Public License v3.0

How to log user commands into server accounting file? #192

Open shahriarbasiri opened 1 year ago

shahriarbasiri commented 1 year ago

I was working with a NOS which uses pam_tacplus for TACACS and I found that it logs user commands to the server (/var/log/tac_plus.acct), but when I configure the ssh PAM files the same as the NOS on other devices, it doesn't log any user commands to the server. At first, I was thinking that if I configured the session part in PAM to use tacplus.so then I'd have the accounting, but apparently that is not the case. I also checked pam_sm_open_session and found that no "cmd" input is passed to _pam_account(). So, my next question is: how should a user application send a log of user commands to the server? Apparently there is no standard API for that and the user should manually call _pam_account()?