I don't think PAM is needed at all, but I could be wrong.
Joshua D Doll
On June 12, 2017 4:28:14 PM EDT, Andrew Meyer via FreeIPA-users
<freeipa-users@lists.fedorahosted.org> wrote:
>Correct. So I would skip the adding of the pam module and just create
>a new pam config file, right?
>
>On Monday, June 12, 2017 2:54 PM, Joshua D Doll via FreeIPA-users
><freeipa-users@lists.fedorahosted.org> wrote:
>
>
>I think you only want the PAM module if you are trying to authenticate
>your users via tacacs for Linux. It sounds like you are trying to setup
>a tacacs server and using FreeIPA as your user store. In which case
>you'll want to look at configuring the tacacs service to talk to
>FreeIPA's LDAP
>
>Joshua D Doll
>
>On June 12, 2017 12:12:53 PM EDT, Andrew Meyer via FreeIPA-users
><freeipa-users@lists.fedorahosted.org> wrote:
>So this post is having me compile the pam_tacacs. Do I still need to
>do that if I am using shrubbery.net TACACS+?
>
>On Monday, June 12, 2017 10:15 AM, Andrew Meyer via FreeIPA-users
><freeipa-users@lists.fedorahosted.org> wrote:
>
>
> Haven't gotten that far yet. Want to set it up.
>
>On Friday, June 9, 2017 6:08 PM, Jake via FreeIPA-users
><freeipa-users@lists.fedorahosted.org> wrote:
>
>
>it's a pam module and works the same as others, if you are using hbac
>you'll need to create a service for the module
>https://serverfault.com/questions/425020/authenticate-linux-sshd-with-tacacs-cisco-acs
>
>Anything specific you're having issues with?
>-Jake
>
>From: "freeipa-users" <freeipa-users@lists.fedorahosted.org>
>To: "freeipa-users" <freeipa-users@lists.fedorahosted.org>
>Cc: "Andrew Meyer" <andrewm...@yahoo.com>
>Sent: Friday, June 9, 2017 10:13:52 AM
>Subject: [Freeipa-users]FreeIPA and TACACS+
>
>Has anyone gotten FreeIPA and TACACS+ from shrubbery.net working?
>_______________________________________________
>FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>To unsubscribe send an email to
>freeipa-users-le...@lists.fedorahosted.org
>_______________________________________________
>FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>To unsubscribe send an email to
>freeipa-users-le...@lists.fedorahosted.org
>
>
> _______________________________________________
>FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>To unsubscribe send an email to
>freeipa-users-le...@lists.fedorahosted.org
>
>
>
>
>--
>Sent from my Android device with K-9 Mail. Please excuse my
>brevity._______________________________________________
>FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>To unsubscribe send an email to
>freeipa-users-le...@lists.fedorahosted.org
>
>
>
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
