[prev in list] [next in list] [prev in thread] [next in thread]
List: pam-list
Subject: Re: Pam-list Digest, Vol 38, Issue 8
From: "Reza Behroozi" <reza () behroozi ! info>
Date: 2007-04-15 21:58:06
Message-ID: 60294fe10704151450k2b0a109ep81feac5d97643b2d () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
hi
can i use nattacplus for openpn?
when i config router ,set it as a tacacs+
which plugin shoud i use?radius or tacacs?
please send me a link for configuration that work
thanks
sorry for my english
On 4/15/07, pam-list-request@redhat.com <pam-list-request@redhat.com> wrote:
>
> Send Pam-list mailing list submissions to
> pam-list@redhat.com
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://www.redhat.com/mailman/listinfo/pam-list
> or, via email, send a message with subject or body 'help' to
> pam-list-request@redhat.com
>
> You can reach the person managing the list at
> pam-list-owner@redhat.com
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Pam-list digest..."
>
> Today's Topics:
>
> 1. Re: Pam-list Digest, Vol 38, Issue 6 (Andreas Schindler)
>
>
> ---------- Forwarded message ----------
> From: Andreas Schindler <schindler@az1.de>
> To: pam-list@redhat.com
> Date: Sat, 14 Apr 2007 19:08:26 +0200
> Subject: Re: Pam-list Digest, Vol 38, Issue 6
> pam-list-request@redhat.com wrote:
>
>
> Subject:
> Tacacs +PAM From:
> "Roberto Dud" <roberto.dud@gmail.com> <roberto.dud@gmail.com> Date:
> Thu, 12 Apr 2007 16:56:22 -0300 To:
> pam-list@redhat.com To:
> pam-list@redhat.com Precedence:
> junk MIME-Version:
> 1.0 Reply-To:
> Pluggable Authentication Modules <pam-list@redhat.com><pam-list@redhat.com> \
> Message-ID:
> <93b73b230704121256h30d2ebd0t2a939e92edae5d3a@mail.gmail.com><93b73b230704121256h30d2ebd0t2a939e92edae5d3a@mail.gmail.com> \
> Content-Type:
> multipart/alternative; boundary="----=_Part_21615_5006272.1176407782942" Message:
>
> 7
> Hi Mrs,
>
> I have a Tacacs server to centralize autentication in my routers, switchs,
> cmts ... And I think I will use this infraestructure to centralize my
> authentication on my Linux Servers.
>
> I found on my seachs on google a PAM module to tacacs.
>
> Anyone know about or use this module?
>
> Thanks,
>
> Dud.
>
> Dud,
>
> i suppose you're talking of the tacacs+ client package published by some
> Polish guy (don't remember the name
> right now). The pam_tacacs module works quite fine. Soem quirks when using
> tacacs 'accounting' (not to be confused
> with PAM accounting, which is the equivalent to tacacs 'authorize'). There
> is a drawback in that the module supports only
> one tacacs server. The workaround i took, was to stack the module twice,
> each one with a different tacacs server.
> Don't forget to switch on encryption. My configuration was:
>
> auth sufficient pam_tacplus.so encrypt secret=FarAway server=
> 10.13.0.22
> auth sufficient pam_tacplus.so encrypt secret=FarAway server=
> 10.14.1.69
>
> BTW the above package includes 'tacc', a small line-mode tacacs client. A
> fine tool when debugging the tacacs environment.
>
> Andreas
>
> --
> Dr.-Ing. Andreas Schindler
>
> Alpha Zero One Computersysteme GmbH
> Frankfurter Str. 141
> 63303 Dreieich
>
> Telefon 06103-57187-21
> Telefax 06103-373245
>
> schindler@az1.dewww.az1.de
>
>
> _______________________________________________
> Pam-list mailing list
> Pam-list@redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
>
--
Best Regards
Reza Behroozi
http://reza.behroozi.info
http://www.persianadmins.ir
http://www.persianadmins.com
[Attachment #5 (text/html)]
hi<br>can i use nattacplus for openpn?<br>when i config router ,set it as a tacacs+ \
<br>which plugin shoud i use?radius or tacacs?<br>please send me a link for \
configuration that work<br>thanks<br>sorry for my english<br><br> <div><span \
class="gmail_quote">On 4/15/07, <b class="gmail_sendername"><a \
href="mailto:pam-list-request@redhat.com">pam-list-request@redhat.com</a></b> <<a \
href="mailto:pam-list-request@redhat.com">pam-list-request@redhat.com </a>> \
wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, \
204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div style="direction: \
ltr;">Send Pam-list mailing list submissions to <br> <a \
onclick="return top.js.OpenExtLink(window,event,this)" \
href="mailto:pam-list@redhat.com">pam-list@redhat.com</a><br><br>To subscribe or \
unsubscribe via the World Wide Web, visit<br> <a \
onclick="return top.js.OpenExtLink(window,event,this)" \
href="https://www.redhat.com/mailman/listinfo/pam-list" target="_blank"> \
https://www.redhat.com/mailman/listinfo/pam-list</a><br>or, via email, send a message \
with subject or body 'help' to<br> <a \
onclick="return top.js.OpenExtLink(window,event,this)" \
href="mailto:pam-list-request@redhat.com"> pam-list-request@redhat.com</a><br><br>You \
can reach the person managing the list at<br> <a \
onclick="return top.js.OpenExtLink(window,event,this)" \
href="mailto:pam-list-owner@redhat.com">pam-list-owner@redhat.com</a> <br><br>When \
replying, please edit your Subject line so it is more specific<br>than "Re: \
Contents of Pam-list digest..."<br></div><br>Today's Topics:<br><br> \
1. Re: Pam-list Digest, Vol 38, Issue 6 (Andreas Schindler) <br><br><br>---------- \
Forwarded message ----------<br>From: Andreas Schindler <<a \
href="mailto:schindler@az1.de">schindler@az1.de</a>><br>To: <a \
href="mailto:pam-list@redhat.com">pam-list@redhat.com</a><br>Date: Sat, 14 Apr \
2007 19:08:26 +0200 <br>Subject: Re: Pam-list Digest, Vol 38, Issue 6<br>
<div bgcolor="#ffffff" text="#000000">
<a href="mailto:pam-list-request@redhat.com" target="_blank" onclick="return \
top.js.OpenExtLink(window,event,this)">pam-list-request@redhat.com</a> wrote: \
<blockquote cite="http://mid20070412203546.59975735C3@hormel.redhat.com" \
type="cite"><br> <table border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td>
<div style="display: inline;">Subject:
</div>
Tacacs +PAM</td>
</tr>
<tr>
<td>
<div style="display: inline;">From: </div>
"Roberto Dud" <a href="mailto:roberto.dud@gmail.com" target="_blank" \
onclick="return top.js.OpenExtLink(window,event,this)"><roberto.dud@gmail.com></a></td>
</tr>
<tr>
<td>
<div style="display: inline;">Date: </div>
Thu, 12 Apr 2007 16:56:22 -0300</td>
</tr>
<tr>
<td>
<div style="display: inline;">To: </div>
<a href="mailto:pam-list@redhat.com" target="_blank" onclick="return \
top.js.OpenExtLink(window,event,this)">pam-list@redhat.com</a></td> </tr>
</tbody>
</table>
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td>
<div style="display: inline;">To: </div>
<a href="mailto:pam-list@redhat.com" target="_blank" onclick="return \
top.js.OpenExtLink(window,event,this)">pam-list@redhat.com</a></td> </tr>
</tbody>
</table>
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td>
<div style="display: inline;">Precedence:
</div>
junk</td>
</tr>
<tr>
<td>
<div style="display: inline;">MIME-Version:
</div>
1.0</td>
</tr>
<tr>
<td>
<div style="display: inline;">Reply-To:
</div>
Pluggable Authentication Modules <a href="mailto:pam-list@redhat.com" target="_blank" \
onclick="return top.js.OpenExtLink(window,event,this)"><pam-list@redhat.com></a></td>
</tr>
<tr>
<td>
<div style="display: inline;">Message-ID:
</div>
<a href="mailto:93b73b230704121256h30d2ebd0t2a939e92edae5d3a@mail.gmail.com" \
target="_blank" onclick="return \
top.js.OpenExtLink(window,event,this)"><93b73b230704121256h30d2ebd0t2a939e92edae5d3a@mail.gmail.com></a></td>
</tr>
<tr>
<td>
<div style="display: inline;">Content-Type:
</div>
multipart/alternative; \
boundary="----=_Part_21615_5006272.1176407782942"</td> </tr>
<tr>
<td>
<div style="display: inline;">Message:
</div>
7</td>
</tr>
</tbody>
</table>
<br>
Hi Mrs,<br>
<br>
I have a Tacacs server to centralize autentication in my routers,
switchs, cmts ... And I think I will use this infraestructure to
centralize my authentication on my Linux Servers.<br>
<br>
I found on my seachs on google a PAM module to tacacs.
<br>
<br>
Anyone know about or use this module?<br>
<br>
Thanks,<br>
<br>
Dud.<br>
<br>
</blockquote>
<font face="Helvetica, Arial, sans-serif">Dud,<br>
<br>
i suppose you're talking of the tacacs+ client package published by
some Polish guy (don't remember the name<br>
right now). The pam_tacacs module works quite fine. Soem quirks when
using tacacs 'accounting' (not to be confused <br>
with PAM accounting, which is the equivalent to tacacs 'authorize').
There is a drawback in that the module supports only<br>
one tacacs server. The workaround i took, was to stack the module
twice, each one with a different tacacs server.<br>
Don't forget to switch on encryption. My configuration was:<br>
<br>
auth sufficient \
pam_tacplus.so encrypt secret=FarAway server=<a href="http://10.13.0.22" \
target="_blank" onclick="return \
top.js.OpenExtLink(window,event,this)">10.13.0.22</a><br> </font><font \
face="Helvetica, Arial, sans-serif"> \
auth sufficient pam_tacplus.so \
encrypt secret=FarAway server=<a href="http://10.14.1.69" target="_blank" \
onclick="return top.js.OpenExtLink(window,event,this)">10.14.1.69</a></font><br> \
<font face="Helvetica, Arial, sans-serif"><br> BTW the above package includes \
'tacc', a small line-mode tacacs client. A fine tool when debugging the \
tacacs environment. <br> <br>
Andreas<br>
</font><br>
<pre cols="90">-- <br>Dr.-Ing. Andreas Schindler<br> <br>Alpha Zero One \
Computersysteme GmbH<br>Frankfurter Str. 141<br>63303 Dreieich<br> <br>Telefon \
06103-57187-21<br>Telefax 06103-373245<br> <br><a href="mailto:schindler@az1.de" \
target="_blank" onclick="return top.js.OpenExtLink(window,event,this)"> \
schindler@az1.de</a> <a href="http://www.az1.de" target="_blank" onclick="return \
top.js.OpenExtLink(window,event,this)">www.az1.de</a> </pre>
</div>
<br>_______________________________________________<br>Pam-list mailing list<br><a \
onclick="return top.js.OpenExtLink(window,event,this)" \
href="mailto:Pam-list@redhat.com">Pam-list@redhat.com</a><br><a onclick="return \
top.js.OpenExtLink(window,event,this)" \
href="https://www.redhat.com/mailman/listinfo/pam-list" target="_blank"> \
https://www.redhat.com/mailman/listinfo/pam-list</a><br></blockquote></div><br><br \
clear="all"><br>-- <br>Best Regards<br>Reza Behroozi<br><a \
href="http://reza.behroozi.info">http://reza.behroozi.info</a><br><a \
href="http://www.persianadmins.ir"> http://www.persianadmins.ir</a><br><a \
href="http://www.persianadmins.com">http://www.persianadmins.com</a>
_______________________________________________
Pam-list mailing list
Pam-list@redhat.com
https://www.redhat.com/mailman/listinfo/pam-list
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic