Andreas Schindler wrote: > Dan, > > I've been quite deeply involved in the Tacacs+ development about a year > ago. > My works targeted to replace Cisco's tacacs server (which is still > claimed 'alpha') > with a completely rewritten daemon under GPL license. Unfortunately the > work > was suspended due to chancges in my daily duties > > To your problem with pam_tacplus: I'm still using this module > successfully under > Debian 'Lenny', so i suspect the Red-Hat pam environment to cause the > problems. > I suggest you try and exclude bugs in the tacplus library by using the > 'tacc' utility > to launch a test: > > tacc -T -u username -p password -k secret -s server > > On success, you pinned the problem to the pam environment, but the above > message > > 'tac_author_read: inconsistent author reply body, incorrect key?' > > suspects a tacacs configuration error, especially an incorrect key > (secret), which is > CaSe- sensitve! Thanks for the guidance. I was trying to do too much via tacacs. This config worked: auth include tacacs account required pam_nologin.so account include system-auth password include system-auth session optional pam_keyinit.so force revoke session include system-auth Nick -- Nick Owen WiKID Systems, Inc. 404-962-8983 (desk) http://www.wikidsystems.com Two-factor authentication, without the hassle factor. _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
