Diffstat (limited to 'sample.pam')
-rw-r--r--sample.pam21
1 files changed, 21 insertions, 0 deletions
diff --git a/sample.pam b/sample.pam
new file mode 100644
index 0000000..19fa187
--- /dev/null
+++ b/sample.pam
@@ -0,0 +1,21 @@
+#%PAM-1.0
+# The secret keyword must follow the server keyword.
+# is matched up with first secret keyword, and so on. There must be at least as
+# many secret keywords as there are keywords.
+# Servers are tried in the order listed, and for authorization (account), the
+# same tacacs+ server is used that was used for authentication. For tacacs+
+# accounting (session), without the acct_all keyword, the same tacacs+ server is
+# used. With acct_all, the accounting record is sent to all listed and
+# responding tacacs+ servers. See the README file in the source for more
+# details.
+# An alternative tp service=ppp protocol=lcp for account and session would be
+# login=login service=shell protocol=ssh
+# Common parameters can also be set in /etc/tacplus_servers, rather than
+# the commandline by using the include=/etc/tacplus_servers paramter.
+# For the secret parameter, this also improves security
+auth required /lib/security/pam_tacplus.so debug server=1.1.1.1 server=2.2.2.2:49 secret=SAME-SECRET
+account required /lib/security/pam_tacplus.so debug service=ppp protocol=lcp
+account sufficient /lib/security/pam_exec.so /usr/local/bin/showenv.sh
+password required /lib/security/pam_cracklib.
+password required /lib/security/pam_pwdb.so shadow use_authtok
+session required /lib/security/pam_tacplus.so debug server=1.1.1.1 secret=SECRET-1 server=2.2.2.2:49 secret=SECRET-2 service=ppp protocol=lcp
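Review bot: The `auth` and `session` lines put the TACACS+ shared secret directly in the PAM file (`secret=SAME-SECRET`, `secret=SECRET-1`, `secret=SECRET-2`), although the comment just above them says `include=/etc/tacplus_servers` is the safer way. PAM service files are commonly world-readable, so a sample that gets copied should show the include form, for example `auth required /lib/security/pam_tacplus.so include=/etc/tacplus_servers`, with that file readable by root only. Every pam_tacplus line also carries `debug`; I would drop it from the sample or add a comment such as `# debug is for troubleshooting only; check what it writes to syslog before enabling`. Separately, the first `password` line ends in `/lib/security/pam_cracklib.` with no `so`, which as written would presumably fail to load a `required` module. The `account sufficient ... pam_exec.so /usr/local/bin/showenv.sh` line also looks like a debugging aid that should not ship in an example account stack.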