On 02.10.2008 1:52, Nick Owen wrote:
> Greetings:
>
> I am trying to get pam_tacplus 1.2.9 working with pam-0.99.6.2-3.22.fc6.
> I had this working back in the pam_stack days, but can't seem to get it
> quite right using include.
>
> Here is my /etc/pam.d/tacacs file:
>
> #%PAM-1.0
> auth       sufficient   /lib/security/pam_tacplus.so debug server=10.100.0.102 secret=super_secret encrypt
> account    sufficient   /lib/security/pam_tacplus.so debug server=10.100.0.102 secret=super_secret encrypt service=shell protocol=ssh
> session    sufficient   /lib/security/pam_tacplus.so debug server=10.100.0.102 secret=super_secret encrypt service=shell protocol=ssh
>
> Here's my /etc/pam.d/sshd:
>
> #%PAM-1.0
> auth       include      tacacs
> #auth       required     pam_nologin.so
> account    include      tacacs
> #account    required     system-auth
> password   required     tacacs
             ^^^^^^^^ Here is the root of your problem :-)
> session    include      tacacs
> #session    required     system-auth
> #session    required     pam_limits.so
> #session    optional     pam_console.so
>
> And here's the output from /var/log/secure:
>
> Oct 1 17:21:40 vpn sshd[22767]: PAM unable to dlopen(/lib/security/tacacs)
> Oct 1 17:21:40 vpn sshd[22767]: PAM [error: /lib/security/tacacs: cannot open shared object file: No such file or directory]
> Oct 1 17:21:40 vpn sshd[22767]: PAM adding faulty module: /lib/security/tacacs
[skip]
> I can't seem to google up any info on configuring with modules using
> include. The logs seem to point to tacacs being in the wrong place. I
> also wonder if the source for tacplus needs to be updated.
You just forgot to replace 'required' with 'include' and didn't notice that :-)

--
Sincerely Your, Dan.

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
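
Added example, not part of the original thread: a small linter for the mistake diagnosed above, where a control such as 'required' is followed by the name of another /etc/pam.d service file, so PAM treats that name as a module and tries to dlopen it. The function name lint_pam and the known_services set are assumptions of this example; the sample input is constructed from the sshd file quoted in the message.

```python
# Added example: lint a /etc/pam.d service file for the mistake in this thread.
# Controls that expect a module; 'include'/'substack' expect a service file name.
MODULE_CONTROLS = {"required", "requisite", "sufficient", "optional"}
INCLUDE_CONTROLS = {"include", "substack"}
TYPES = {"auth", "account", "password", "session"}

# Constructed sample: the /etc/pam.d/sshd quoted above, one rule per line.
SSHD = """\
#%PAM-1.0
auth       include      tacacs
#auth       required     pam_nologin.so
account    include      tacacs
#account    required     system-auth
password   required     tacacs
session    include      tacacs
#session    required     system-auth
"""


def lint_pam(text, known_services):
    """Return [(lineno, message)] for rules that confuse modules and service files."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue  # blank line or comment
        if len(fields) < 3 or fields[0].lstrip("-") not in TYPES:
            findings.append((lineno, "unparseable rule: " + raw.strip()))
            continue
        control, target = fields[1], fields[2]
        if control.startswith("["):
            continue  # bracketed [value=action] controls are not checked here
        if control in MODULE_CONTROLS and target in known_services:
            findings.append((lineno, f"'{control} {target}': '{target}' is a service "
                             f"file, PAM will try to dlopen it; use 'include'"))
        elif control in INCLUDE_CONTROLS and target.endswith(".so"):
            findings.append((lineno, f"'{control} {target}': include takes a service "
                             f"file name, not a module"))
        elif control not in MODULE_CONTROLS | INCLUDE_CONTROLS:
            findings.append((lineno, f"unknown control '{control}'"))
    return findings


if __name__ == "__main__":
    # Assumption: known_services would normally be the file names in /etc/pam.d.
    for lineno, message in lint_pam(SSHD, {"tacacs", "system-auth", "sshd"}):
        print(f"sshd:{lineno}: {message}")
```
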