path: root/sample.pam
blob: 19fa187b0f0ade0ec61499306dae8fdf3d04fb19 (plain)
#%PAM-1.0
# The secret keyword must follow the server keyword.  The first server keyword
# is matched up with the first secret keyword, and so on.  There must be at
# least as many secret keywords as there are server keywords.
# Servers are tried in the order listed, and for authorization (account), the
# same tacacs+ server is used that was used for authentication.  For tacacs+
# accounting (session), without the acct_all keyword, the same tacacs+ server is
# used.  With acct_all, the accounting record is sent to all listed and
# responding tacacs+ servers.  See the README file in the source for more
# details.
# An alternative to service=ppp protocol=lcp for account and session would be
#   login=login service=shell protocol=ssh
# Common parameters can also be set in /etc/tacplus_servers, rather than
# the command line by using the include=/etc/tacplus_servers parameter.
# For the secret parameter, this also improves security.
auth       required     /lib/security/pam_tacplus.so debug server=1.1.1.1 server=2.2.2.2:49 secret=SAME-SECRET
account    required     /lib/security/pam_tacplus.so debug service=ppp protocol=lcp
account    sufficient   /lib/security/pam_exec.so /usr/local/bin/showenv.sh
password   required     /lib/security/pam_cracklib.so
password   required     /lib/security/pam_pwdb.so shadow use_authtok
session    required     /lib/security/pam_tacplus.so debug server=1.1.1.1 secret=SECRET-1 server=2.2.2.2:49 secret=SECRET-2 service=ppp protocol=lcp
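The comments at the top of this file make two checkable points: secret keywords pair up with server keywords in order, and secrets are better kept out of the PAM command line by using include=. The script below is an added example, not part of the pam_tacplus source, that audits PAM lines against those two points. The function name and finding labels are hypothetical, the last sample line is constructed, and skipping the count check when include= is present assumes the included file may supply the missing secrets.

```python
def audit_pam_tacplus(text):
    """Return (line_no, finding) tuples for pam_tacplus entries in PAM config text."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Locate the module path; everything after it is a module argument.
        idx = next((i for i, f in enumerate(fields)
                    if f.endswith("pam_tacplus.so")), None)
        if idx is None:
            continue
        args = fields[idx + 1:]
        pending = 0            # server= keywords still waiting for a secret=
        inline_secret = False
        for arg in args:
            if arg.startswith("server="):
                pending += 1
            elif arg.startswith("secret="):
                inline_secret = True
                if pending == 0:
                    # The comments require secret= to follow its server=.
                    findings.append((no, "secret-before-server"))
                else:
                    pending -= 1
        has_include = any(a.startswith("include=") for a in args)
        if inline_secret:
            # Secret sits in the PAM file itself instead of an include= file.
            findings.append((no, "inline-secret"))
        if pending and not has_include:
            findings.append((no, "fewer-secrets-than-servers"))
    return findings


# First three lines are the pam_tacplus entries from this file (placeholder
# secrets as published); the fourth line is constructed for illustration.
SAMPLE = """\
auth       required     /lib/security/pam_tacplus.so debug server=1.1.1.1 server=2.2.2.2:49 secret=SAME-SECRET
account    required     /lib/security/pam_tacplus.so debug service=ppp protocol=lcp
session    required     /lib/security/pam_tacplus.so debug server=1.1.1.1 secret=SECRET-1 server=2.2.2.2:49 secret=SECRET-2 service=ppp protocol=lcp
auth       required     /lib/security/pam_tacplus.so include=/etc/tacplus_servers
"""

if __name__ == "__main__":
    for line_no, finding in audit_pam_tacplus(SAMPLE):
        print(f"line {line_no}: {finding}")
```

The findings reflect the rules as worded in the comments above; the module's actual handling of a single secret shared by several servers is described in the README the comments refer to.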