#%PAM-1.0
# The secret keyword must follow the server keyword.
# is matched up with first secret keyword, and so on.  There must be at least as
# many secret keywords as there are keywords.
# Servers are tried in the order listed, and for authorization (account), the
# same tacacs+ server is used that was used for authentication.  For tacacs+
# accounting (session), without the acct_all keyword, the same tacacs+ server is
# used.  With acct_all, the accounting record is sent to all listed and
# responding tacacs+ servers.  See the README file in the source for more
# details.
# An alternative tp service=ppp protocol=lcp for account and session would be
#   login=login service=shell protocol=ssh
# Common parameters can also be set in /etc/tacplus_servers, rather than
# the commandline by using the include=/etc/tacplus_servers paramter.
# For the secret parameter, this also improves security
auth       required     /lib/security/pam_tacplus.so debug server=1.1.1.1 server=2.2.2.2:49 secret=SAME-SECRET
account    required     /lib/security/pam_tacplus.so debug service=ppp protocol=lcp
account    sufficient   /lib/security/pam_exec.so /usr/local/bin/showenv.sh
password   required     /lib/security/pam_cracklib.
password   required     /lib/security/pam_pwdb.so shadow use_authtok
session    required     /lib/security/pam_tacplus.so debug server=1.1.1.1 secret=SECRET-1 server=2.2.2.2:49 secret=SECRET-2 service=ppp protocol=lcp