-   Linux - Networking (
-   -   tac_plus & PAM (

mambolim 11-30-2006 12:47 AM

tac_plus & PAM
Hello guys,

I have a set of Cisco network devices which I decided to manage the authentication through tac_plus by, and everything worked fine if I set the authentication method to /etc/passwd, but currently I need the feature which makes tac_plus authenticate users through PAM, which is why I chose's flavor of tacacs.

I am currently using:

Fedora Core 6
uname -r : 2.6.18-1.2849.fc6

I have compiled and installed tacacs+-F4.0.4.13, authenticating primarily from /etc/passwd. What I'll like to achieve is to set a system wide login attempts of 3, and lockout any user account except root in PAM. My system already has that policy set, but I'll like to apply this policy to tacacs as well. I have tried to set the authentication method to PAM, but it doesn't work, please see my config:


key = examplekey

# Now tacacs+ also use default PAM authentication

# Accounting records log file

accounting file = /var/log/tac_acc.log

#All services are alowed..

user = $enable$ {
login = cleartext "**Masked**"

group = admin {

    login = PAM

user = tester1 {

member = admin


Whenever I try to login with "tester1" it prompts me with "% Authentication Failure" without even prompting me for password. Log files aren't showing anything too.

I compiled the application with:

./configure --prefix=/usr/local/tacplus

Read through their documentation but it was not really complete on certain features and google did not yield much too, hence I'll like to ask for further advice or an example config even.

If the information provided is not sufficient I'll be glad to provide more, appreciate further advice.

All times are GMT -5. The time now is 06:55 AM.