--- a/libtac/include/libtac.h
+++ b/libtac/include/libtac.h
@@ -126,7 +126,7 @@
 extern int tac_timeout;
 
 int tac_connect(struct addrinfo **, char **, int);
-int tac_connect_single(struct addrinfo *, const char *, struct addrinfo *);
+int tac_connect_single(struct addrinfo *, const char *, struct addrinfo *, int);
 char *tac_ntop(const struct sockaddr *);
 
 int tac_authen_send(int, const char *, char *, char *,
--- a/libtac/lib/connect.c
+++ b/libtac/lib/connect.c
@@ -50,7 +50,7 @@
         TACSYSLOG((LOG_ERR, "%s: no TACACS+ servers defined", __FUNCTION__))
     } else {
         for ( tries = 0; tries < servers; tries++ ) {   
-            if((fd=tac_connect_single(server[tries], key[tries], NULL)) >= 0 ) {
+            if((fd=tac_connect_single(server[tries], key[tries], NULL, tac_timeout)) >= 0 ) {
                 /* tac_secret was set in tac_connect_single on success */
                 break;
             }
@@ -67,7 +67,7 @@
  *   >= 0 : valid fd
  *   <  0 : error status code, see LIBTAC_STATUS_...
  */
-int tac_connect_single(struct addrinfo *server, const char *key, struct addrinfo *srcaddr) {
+int tac_connect_single(struct addrinfo *server, const char *key, struct addrinfo *srcaddr, int timeout) {
     int retval = LIBTAC_STATUS_CONN_ERR; /* default retval */
     int fd = -1;
     int flags, rc;
@@ -128,7 +128,7 @@
     FD_SET(fd, &writefds);
 
     /* set timeout seconds */
-    tv.tv_sec = tac_timeout;
+    tv.tv_sec = timeout;
     tv.tv_usec = 0;
 
     /* check if socket is ready for read and write */
--- a/pam_tacplus.c
+++ b/pam_tacplus.c
@@ -169,7 +169,7 @@
 
     status = PAM_SESSION_ERR;
     for(srv_i = 0; srv_i < tac_srv_no; srv_i++) {
-        tac_fd = tac_connect_single(tac_srv[srv_i].addr, tac_srv[srv_i].key, NULL);
+        tac_fd = tac_connect_single(tac_srv[srv_i].addr, tac_srv[srv_i].key, NULL, tac_timeout);
         if (tac_fd < 0) {
             _pam_log(LOG_WARNING, "%s: error sending %s (fd)",
                 __FUNCTION__, typemsg);
@@ -266,7 +266,7 @@
         if (ctrl & PAM_TAC_DEBUG)
             syslog(LOG_DEBUG, "%s: trying srv %d", __FUNCTION__, srv_i );
 
-        tac_fd = tac_connect_single(tac_srv[srv_i].addr, tac_srv[srv_i].key, NULL);
+        tac_fd = tac_connect_single(tac_srv[srv_i].addr, tac_srv[srv_i].key, NULL, tac_timeout);
         if (tac_fd < 0) {
             _pam_log(LOG_ERR, "connection failed srv %d: %m", srv_i);
             continue;
@@ -487,7 +487,7 @@
     if(tac_protocol != NULL && tac_protocol[0] != '\0')
       tac_add_attrib(&attr, "protocol", tac_protocol);
 
-    tac_fd = tac_connect_single(active_server.addr, active_server.key, NULL);
+    tac_fd = tac_connect_single(active_server.addr, active_server.key, NULL, tac_timeout);
     if(tac_fd < 0) {
         _pam_log (LOG_ERR, "TACACS+ server unavailable");
         if(arep.msg != NULL)