diff options
| author | Christian Poessinger <christian@poessinger.com> | 2021-05-02 19:07:04 +0200 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2021-05-02 19:18:42 +0200 |
| commit | ceb7d3cb30a23b4b148bc71491b3817e9e6e2778 (patch) | |
| tree | 160ebe6294acb6a790790098b3861e58c0ca9ae4 /tacplus_servers | |
| download | libpam-tacplus-ceb7d3cb30a23b4b148bc71491b3817e9e6e2778.tar.gz libpam-tacplus-ceb7d3cb30a23b4b148bc71491b3817e9e6e2778.zip | |
Initial import of libpam-tacplus (1.4.3-cl3u4)
Diffstat (limited to 'tacplus_servers')
| -rw-r--r-- | tacplus_servers | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/tacplus_servers b/tacplus_servers new file mode 100644 index 0000000..0d9eb3b --- /dev/null +++ b/tacplus_servers @@ -0,0 +1,46 @@ +# This is a common file used by audisp-tacplus, libpam_tacplus, and +# libtacplus_map config files as shipped. +# +# Any tac_plus client config can go here that is common to all users of this +# file, but typically it's just the TACACS+ server IP address(es) and shared +# secret(s) +# +# This file should normally be mode 600, if you care about the security +# of your secret key. When set to mode 600 NSS lookups for TACACS users +# will only work for tacacs users that are logged in, via the local mapping. +# For root, lookups will work for any tacacs users, logged in or not. + +# Set a per-connection timeout of 10 seconds, and enable the use of +# poll() when trying to read from tacacs servers. +# Otherwise standard TCP timeouts apply. +# Not set or set to a negative value disables use of poll(). +# There are usually multiple connection attempts per login. +timeout=10 + +#secret=tacacskey +#server=192.168.0.30 + +# If set, login/logout accounting records are sent to all servers in +# the list, otherwise only to the first responding server +# Also used by audisp-tacplus per-command accounting, if it sources this file. +# acct_all=1 + +# If the management network is in a vrf, set this variable to the vrf name. +# This would usually be "mgmt" +# When this variable is set, the connection to the TACACS+ accounting servers +# will be made through the named vrf. +#vrf=mgmt + +# Sets the IPv4 address used as the source IP address when communicating with +# the TACACS+ server. IPv6 addresses are not supported, nor are hostnames. +# The address must work when passsed to the bind() system call, that is, it must +# be valid for the interface being used. +# source_ip=192.168.1.3 + +# If user_homedir=1, then tacacs users will be set to have a home directory +# based on their login name, rather than the mapped tacacsN home directory. +# mkhomedir_helper is used to create the directory if it does not exist (similar +# to use of pam_mkhomedir.so). This flag is ignored for users with restricted +# shells, e.g., users mapped to a tacacs privilege level that has enforced +# per-command authorization (see the tacplus-restrict man page). +# user_homedir=1 |