kravietz / pam_tacplus

TACACS+ protocol client library and PAM module in C. This PAM module supports authentication, authorization (account management) and accounting (session management) performed using the TACACS+ protocol designed by Cisco.
GNU Lesser General Public License v3.0
132 stars 100 forks

Mechanism to get the user privilege from TACACS server #193

Open subritm opened 1 year ago

subritm commented 1 year ago

I have set up a TACACS+ server on Ubuntu 18. I created these users:

user = DEFAULT {
    login = PAM
    service = ppp protocol = ip {}
}

user = Admin {
    global = cleartext "administrator"
    member = "admin"
}
user = Standard {
    login = cleartext "standard"
    member = readonly
}
group = admin {
    default service = deny
    service = administrator {
        default attribute = permit
        priv-lvl = 15
    }
    login = file /etc/passwd
}
group = readonly {
    default service = deny
    service = useraccess {
        default attribute = permit
        priv-lvl = 1
    }
}

On the client side I tried this:

tacc -T -u Admin -p administrator -s 10.1.1.1 -k Secret@12345 -L login -r 10.1.1.1 -S ppp -P ip -y tty0

It authenticates, and with an invalid password it correctly reports that.

My question is about how we get the privilege level information, e.g. user Admin has admin privilege while user Standard has read-only level 1 privilege. Can we get this info in the response from the server?

Thanks in Advance
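In TACACS+ the privilege level is not part of the authentication reply at all; it comes back from the separate authorization exchange (RFC 8907 section 6), where the server answers an authorization REQUEST for a given service with a REPLY whose argument list carries attribute-value pairs such as `priv-lvl=15`. That is the exchange libtac implements in `tac_author_send()` / `tac_author_read()`. The following program is an added example, not code from pam_tacplus or from the poster: it builds and parses an authorization REPLY packet exactly as laid out in the RFC and pulls `priv-lvl` out of the arguments. The packets are constructed inline with the unencrypted flag set so the body is readable without the MD5 pseudo-pad (libtac strips that pad before this stage); the server message text and the session id are assumed values.

```c
/* Added example: parse a TACACS+ authorization REPLY and extract priv-lvl.
 * Not from pam_tacplus; the packets below are constructed, not captured. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TAC_PLUS_AUTHOR                  0x02
#define TAC_PLUS_UNENCRYPTED_FLAG        0x01
#define TAC_PLUS_AUTHOR_STATUS_PASS_ADD  0x01
#define TAC_PLUS_AUTHOR_STATUS_FAIL      0x10
#define TAC_HDR_LEN 12

struct author_reply {
    uint8_t status;        /* PASS_ADD / PASS_REPL / FAIL / ERROR */
    int priv_lvl;          /* 0..15, or -1 when the server sent no priv-lvl */
    char server_msg[128];
};

/* Build an authorization REPLY (RFC 8907 6.2) with the unencrypted flag set.
 * Returns the total packet length, or 0 if it does not fit. */
static size_t build_author_reply(uint8_t *buf, size_t cap, uint8_t status,
                                 const char *msg, const char **args, int nargs)
{
    size_t mlen = strlen(msg), blen = 6 + (size_t)nargs + mlen;
    for (int i = 0; i < nargs; i++) {
        if (strlen(args[i]) > 255) return 0;
        blen += strlen(args[i]);
    }
    if (TAC_HDR_LEN + blen > cap || nargs > 255 || mlen > 65535) return 0;
    uint8_t hdr[TAC_HDR_LEN] = { 0xc0, TAC_PLUS_AUTHOR, 2, TAC_PLUS_UNENCRYPTED_FLAG,
                                 0xde, 0xad, 0xbe, 0xef,      /* session_id (assumed) */
                                 (uint8_t)(blen >> 24), (uint8_t)(blen >> 16),
                                 (uint8_t)(blen >> 8), (uint8_t)blen };
    memcpy(buf, hdr, TAC_HDR_LEN);
    uint8_t *b = buf + TAC_HDR_LEN;
    b[0] = status; b[1] = (uint8_t)nargs;
    b[2] = (uint8_t)(mlen >> 8); b[3] = (uint8_t)mlen;
    b[4] = 0; b[5] = 0;                                        /* data_len = 0 */
    size_t pos = 6;
    for (int i = 0; i < nargs; i++) b[pos++] = (uint8_t)strlen(args[i]);
    memcpy(b + pos, msg, mlen); pos += mlen;
    for (int i = 0; i < nargs; i++) { size_t l = strlen(args[i]); memcpy(b + pos, args[i], l); pos += l; }
    return TAC_HDR_LEN + pos;
}

/* Returns 0 on success, -1 on a malformed or obfuscated packet. Every length
 * field is checked against the bytes actually received before it is trusted. */
int parse_author_reply(const uint8_t *pkt, size_t len, struct author_reply *out)
{
    if (len < TAC_HDR_LEN || pkt[1] != TAC_PLUS_AUTHOR) return -1;
    if (!(pkt[3] & TAC_PLUS_UNENCRYPTED_FLAG)) return -1;     /* body still padded */
    uint32_t body_len = ((uint32_t)pkt[8] << 24) | ((uint32_t)pkt[9] << 16) |
                        ((uint32_t)pkt[10] << 8) | pkt[11];
    if (body_len != len - TAC_HDR_LEN || body_len < 6) return -1;
    const uint8_t *b = pkt + TAC_HDR_LEN;
    out->status = b[0];
    uint8_t arg_cnt = b[1];
    uint16_t msg_len = (uint16_t)((b[2] << 8) | b[3]);
    uint16_t data_len = (uint16_t)((b[4] << 8) | b[5]);
    size_t pos = 6;
    if (pos + arg_cnt > body_len) return -1;
    const uint8_t *arg_lens = b + pos;
    pos += arg_cnt;
    if (pos + msg_len > body_len) return -1;
    size_t copy = msg_len < sizeof out->server_msg - 1 ? msg_len : sizeof out->server_msg - 1;
    memcpy(out->server_msg, b + pos, copy);
    out->server_msg[copy] = '\0';
    pos += msg_len;
    if (pos + data_len > body_len) return -1;
    pos += data_len;
    out->priv_lvl = -1;
    for (uint8_t i = 0; i < arg_cnt; i++) {
        size_t alen = arg_lens[i];
        if (pos + alen > body_len) return -1;
        /* Mandatory args use '=', optional args use '*' (RFC 8907 8.2). */
        if (alen > 9 && memcmp(b + pos, "priv-lvl", 8) == 0 &&
            (b[pos + 8] == '=' || b[pos + 8] == '*')) {
            int v = 0;
            for (size_t k = 9; k < alen; k++) {
                if (b[pos + k] < '0' || b[pos + k] > '9' || v > 15) return -1;
                v = v * 10 + (b[pos + k] - '0');
            }
            if (v > 15) return -1;
            out->priv_lvl = v;
        }
        pos += alen;
    }
    return pos == body_len ? 0 : -1;
}

/* Constructed reply for a user whose matched service grants priv-lvl = 15. */
int admin_priv_lvl(void)
{
    uint8_t pkt[256]; struct author_reply r;
    const char *args[] = { "priv-lvl=15" };
    size_t n = build_author_reply(pkt, sizeof pkt, TAC_PLUS_AUTHOR_STATUS_PASS_ADD, "", args, 1);
    if (parse_author_reply(pkt, n, &r) != 0 || r.status != TAC_PLUS_AUTHOR_STATUS_PASS_ADD) return -2;
    return r.priv_lvl;
}

/* Constructed reply when "default service = deny" applies: FAIL, no arguments. */
int denied_priv_lvl(void)
{
    uint8_t pkt[256]; struct author_reply r;
    size_t n = build_author_reply(pkt, sizeof pkt, TAC_PLUS_AUTHOR_STATUS_FAIL,
                                  "Authorization denied", NULL, 0);
    if (parse_author_reply(pkt, n, &r) != 0 || r.status != TAC_PLUS_AUTHOR_STATUS_FAIL) return -2;
    return r.priv_lvl;
}

/* A packet whose header length field exceeds the bytes received is rejected. */
int truncated_is_rejected(void)
{
    uint8_t pkt[256]; struct author_reply r;
    const char *args[] = { "priv-lvl=15" };
    size_t n = build_author_reply(pkt, sizeof pkt, TAC_PLUS_AUTHOR_STATUS_PASS_ADD, "", args, 1);
    return parse_author_reply(pkt, n - 3, &r) == -1;
}

int main(void)
{
    printf("admin priv-lvl: %d\n", admin_priv_lvl());
    printf("denied priv-lvl: %d\n", denied_priv_lvl());
    printf("truncated rejected: %d\n", truncated_is_rejected());
    return 0;
}
```

Two practical points follow from the layout. First, the level only appears if the authorization request names a service the server grants; with `default service = deny` in a group, any other service yields a FAIL reply with no arguments, which the parser reports as status FAIL and `priv_lvl == -1` rather than as level 0. Second, every length in the body comes from the server, so a client must bound each one by the bytes actually read before copying, as the parser above does; a reply that claims more than it delivers is rejected instead of being read past the end of the buffer.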