Authenticate Solaris with TACACS
You have to compile tacplus, a TACACS+ protocol client library and PAM module written in C. This PAM module supports authentication, authorization (account management) and accounting (session management) performed using the TACACS+ protocol designed by Cisco.
/src/pam_tacplus-1.3.6> ./configure
...
/src/pam_tacplus-1.3.6> make
...
/bin/bash ./libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -Ilibtac/include -g -O2 -MT pam_tacplus_la-md5.lo -MD -MP -MF .deps/pam_tacplus_la-md5.Tpo -c -o pam_tacplus_la-md5.lo `test -f 'libtac/lib/md5.c' || echo './'`libtac/lib/md5.c
libtool: compile: gcc -DHAVE_CONFIG_H -I. -Ilibtac/include -g -O2 -MT pam_tacplus_la-md5.lo -MD -MP -MF .deps/pam_tacplus_la-md5.Tpo -c libtac/lib/md5.c -fPIC -DPIC -o .libs/pam_tacplus_la-md5.o
In file included from libtac/lib/md5.c:22:
libtac/lib/md5.h:35: error: syntax error before "void"
libtac/lib/md5.h:36: error: syntax error before "__P"
libtac/lib/md5.h:37: error: syntax error before "__P"
libtac/lib/md5.c:25: error: syntax error before "static"
libtac/lib/md5.c:25: error: syntax error before "__P"
libtac/lib/md5.c:169: error: conflicting types for 'Transform'
libtac/lib/md5.c:120: error: previous implicit declaration of 'Transform' was here
*** Error code 1
make: Fatal error: Command failed for target `pam_tacplus_la-md5.lo'
Current working directory /opt/src/pam_tacplus-1.3.6
*** Error code 1
make: Fatal error: Command failed for target `all'
I had problems with the latest versions, pam_tacplus-1.3.6 and pam_tacplus-1.3.5.
pam_tacplus-1.3.4.tar.gz compiles without problems.
I manually moved
/usr/local/lib/security/pam_tacplus.so
to
/usr/lib/security/
and configured
/etc/pam.conf
sshd-kbdint auth sufficient pam_tacplus.so debug server=10.136.28.24 secret=f43fh3qx2
sshd-kbdint auth required pam_unix_auth.so.1
You need only the first line for TACACS, but I wanted to have a fallback to normal login.
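A check for the /etc/pam.conf setup above, added here as an example (not part of the original post): it flags pam_tacplus entries that leave debug on, keep secret= in a world-readable file, or have no later module to fall back to. The function name audit_pam_tacplus and the AWK variable are names chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit a pam.conf-style file
# for pam_tacplus entries. Prints one finding per line; returns 1 if any.
# pam.conf fields: service  module_type  control_flag  module_path  options...
AWK=${AWK:-awk}   # on Solaris set AWK=nawk (the old /usr/bin/awk lacks -v)

audit_pam_tacplus() {
    conf=$1
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf"; return 2; }
    # The 8th character of the ls mode string is the "other" read bit.
    other_r=$(ls -ld "$conf" | cut -c8)
    findings=$("$AWK" -v other_r="$other_r" '
        /^[ \t]*#/ || NF < 4 { next }            # comments, blank/short lines
        { key = $1 " " $2 }                      # one stack per service+type
        $4 ~ /pam_tacplus\.so/ {
            pending[key] = 1                     # waiting for a later module
            for (i = 5; i <= NF; i++) {
                if ($i == "debug")
                    print "WARN " key ": debug logging enabled"
                if ($i ~ /^secret=/ && other_r == "r")
                    print "WARN " key ": shared secret in world-readable file"
            }
            next
        }
        (key in pending) { pending[key] = 0 }    # another module follows
        END {
            for (k in pending) if (pending[k])
                print "NOTE " k ": no module after pam_tacplus (no local fallback)"
        }
    ' "$conf")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run against a file when given an argument: sh audit.sh /etc/pam.conf
if [ $# -gt 0 ]; then audit_pam_tacplus "$1"; fi
```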