Re: Pam-list Digest, Vol 38, Issue 8

["Reza Behroozi" <reza behroozi info>]

hi
can i use nattacplus for openpn?
when i config router ,set it as a tacacs+ 
which plugin shoud i use?radius or tacacs?
please send me a link for configuration that work
thanks
sorry for my english

On 4/15/07, pam-list-request redhat com <pam-list-request redhat com > wrote:

Send Pam-list mailing list submissions to
       pam-list redhat com

To subscribe or unsubscribe via the World Wide Web, visit
        https://www.redhat.com/mailman/listinfo/pam-list
or, via email, send a message with subject or body 'help' to
        pam-list-request redhat com

You can reach the person managing the list at
       pam-list-owner redhat com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Pam-list digest..."

Today's Topics:

  1. Re: Pam-list Digest, Vol 38, Issue 6 (Andreas Schindler)


---------- Forwarded message ----------
From: Andreas Schindler <schindler az1 de>
To: pam-list redhat com
Date: Sat, 14 Apr 2007 19:08:26 +0200
Subject: Re: Pam-list Digest, Vol 38, Issue 6

pam-list-request redhat com wrote:

Subject:

Tacacs +PAM

From:

"Roberto Dud" <roberto dud gmail com>

Date:

Thu, 12 Apr 2007 16:56:22 -0300

To:

pam-list redhat com

To:

pam-list redhat com

Precedence:

junk

MIME-Version:

1.0

Reply-To:

Pluggable Authentication Modules <pam-list redhat com>

Message-ID:

<93b73b230704121256h30d2ebd0t2a939e92edae5d3a mail gmail com>

Content-Type:

multipart/alternative; boundary="----=_Part_21615_5006272.1176407782942"

Message:

7

Hi Mrs,

I have a Tacacs server to centralize autentication in my routers, switchs, cmts ... And I think I will use this infraestructure to centralize my authentication on my Linux Servers.

I found on my seachs on google a PAM module to tacacs.

Anyone know about or use this module?

Thanks,

Dud.

Dud,

i suppose you're talking of the tacacs+ client package published by some Polish guy (don't remember the name
right now). The pam_tacacs module works quite fine. Soem quirks when using tacacs 'accounting' (not to be confused
with PAM accounting, which is the equivalent to tacacs 'authorize'). There is a drawback in that the module supports only
one tacacs server. The workaround i took, was to stack the module twice, each one with a different tacacs server.
Don't forget to switch on encryption. My configuration was:

    auth        sufficient   pam_tacplus.so encrypt secret=FarAway server=10.13.0.22
    auth        sufficient   pam_tacplus.so encrypt secret=FarAway server=10.14.1.69

BTW the above package includes 'tacc', a small  line-mode tacacs client. A fine tool when debugging the tacacs environment.

Andreas

-- 
Dr.-Ing. Andreas Schindler
 
Alpha Zero One Computersysteme GmbH
Frankfurter Str. 141
63303 Dreieich
 
Telefon 06103-57187-21
Telefax 06103-373245
 

schindler az1 de
www.az1.de

_______________________________________________
Pam-list mailing list
Pam-list redhat com
https://www.redhat.com/mailman/listinfo/pam-list

-- 
Best Regards
Reza Behroozi
http://reza.behroozi.info
http://www.persianadmins.ir
http://www.persianadmins.com