authorChristian Breunig <christian@breunig.cc>2023-06-22 22:41:48 +0200
committerGitHub <noreply@github.com>2023-06-22 22:41:48 +0200
commitb5976afd68b850523335ec64db7e1e59efb8f9fd (patch)
treec1a2932dbec7dc3e498ad5bd9db2831249c4b1fa /src/pam-configs
parent2128dc0ddf6b921f440067d7b862f30d9fad0cb2 (diff)
parent3ec727670de02cac06321719a0323650046d54a1 (diff)
Merge pull request #2038 from c-po/t141-tacacs
T141: add TACACS support
Diffstat (limited to 'src/pam-configs')
-rw-r--r--src/pam-configs/radius11
-rw-r--r--src/pam-configs/tacplus17
2 files changed, 21 insertions, 7 deletions
diff --git a/src/pam-configs/radius b/src/pam-configs/radius
index aaae6aeb0..08247f77c 100644
--- a/src/pam-configs/radius
+++ b/src/pam-configs/radius
@@ -1,20 +1,17 @@
Name: RADIUS authentication
-Default: yes
+Default: no
Priority: 257
Auth-Type: Primary
Auth:
- [default=ignore success=1] pam_succeed_if.so uid eq 1000 quiet
- [default=ignore success=ignore] pam_succeed_if.so uid eq 1001 quiet
+ [default=ignore success=ignore] pam_succeed_if.so user ingroup aaa quiet
[authinfo_unavail=ignore success=end default=ignore] pam_radius_auth.so
Account-Type: Primary
Account:
- [default=ignore success=1] pam_succeed_if.so uid eq 1000 quiet
- [default=ignore success=ignore] pam_succeed_if.so uid eq 1001 quiet
+ [default=ignore success=ignore] pam_succeed_if.so user ingroup aaa quiet
[authinfo_unavail=ignore success=end perm_denied=bad default=ignore] pam_radius_auth.so
Session-Type: Additional
Session:
- [default=ignore success=1] pam_succeed_if.so uid eq 1000 quiet
- [default=ignore success=ignore] pam_succeed_if.so uid eq 1001 quiet
+ [default=ignore success=ignore] pam_succeed_if.so user ingroup aaa quiet
[authinfo_unavail=ignore success=ok default=ignore] pam_radius_auth.so
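Review bot: The new `pam_succeed_if.so user ingroup aaa quiet` line in the Auth, Account and Session sections uses `[default=ignore success=ignore]`, so its result never changes the stack and `pam_radius_auth.so` is still consulted for every user, whether or not they are in `aaa`. If the intent is to limit RADIUS to members of that group, the check has to skip the following module when it fails, for example `[default=1 success=ignore] pam_succeed_if.so user ingroup aaa quiet` (the removed lines already used a numeric jump, `success=1`). As written, passwords typed for local-only accounts are also offered to the RADIUS server. The same control values appear on the three guard lines of the new `tacplus` profile, so the point applies there too.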
diff --git a/src/pam-configs/tacplus b/src/pam-configs/tacplus
new file mode 100644
index 000000000..66a1eaa4c
--- /dev/null
+++ b/src/pam-configs/tacplus
@@ -0,0 +1,17 @@
+Name: TACACS+ authentication
+Default: no
+Priority: 257
+Auth-Type: Primary
+Auth:
+ [default=ignore success=ignore] pam_succeed_if.so user ingroup aaa quiet
+ [authinfo_unavail=ignore success=end auth_err=bad default=ignore] pam_tacplus.so include=/etc/tacplus_servers login=login
+
+Account-Type: Primary
+Account:
+ [default=ignore success=ignore] pam_succeed_if.so user ingroup aaa quiet
+ [authinfo_unavail=ignore success=end perm_denied=bad default=ignore] pam_tacplus.so include=/etc/tacplus_servers login=login
+
+Session-Type: Additional
+Session:
+ [default=ignore success=ignore] pam_succeed_if.so user ingroup aaa quiet
+ [authinfo_unavail=ignore success=ok default=ignore] pam_tacplus.so include=/etc/tacplus_servers login=login
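Review bot: `auth_err=bad` on the Auth line means a reject from a reachable TACACS+ server marks the whole auth stack as failed, and only `authinfo_unavail` lets later modules decide the outcome. Because the preceding `ingroup aaa` check does not skip `pam_tacplus.so`, this presumably applies to local-only accounts as well, so a local recovery account would authenticate only while the servers are unreachable. The RADIUS profile's Auth line has no `auth_err=bad`, so the two profiles behave differently on a reject. It is worth confirming which behaviour is intended and making the two agree, either by dropping `auth_err=bad` here or by adding it to the `pam_radius_auth.so` Auth line.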