The module provides authentication services based upon the TACACS+ protocol
for the PAM (Pluggable Authentication Module) framework.

The module accepts these optional parameters:

use_first_pass
    causes the module to use a previously entered password instead of
    prompting for a new one. If no password has been entered then
    authentication fails.

try_first_pass
    causes the module to use a previously entered password, if one is
    available. If no password has been entered, the module prompts for one
    as usual.

echo_pass
    causes echoing to be left on if the module prompts for a password.

conf=pathname
    specifies a non-standard location for the TACACS+ client configuration
    file (normally located in /etc/tacplus.conf).

template_user=username
    specifies a user whose passwd(5) entry will be used as a template to
    create the session environment if the supplied username does not exist
    in the local password database. The user will be authenticated with the
    supplied username and password, but his credentials to the system will
    be presented as the ones for username, i.e., his login class, home
    directory, resource limits, etc. will be set to the ones defined for
    username.

    If this option is omitted, and there is no username in the system
    databases equal to the supplied one (as determined by a call to
    getpwnam(3)), the authentication will fail.
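The following is an added example, not part of the original manual page or of the module's code: a small audit of PAM configuration lines that flags the options described above when they weaken a login path. The module file name pam_tacplus.so, the list of privileged account names and the sample lines are assumptions made for the example.

```python
import shlex

# Option names documented on the page above.
FLAGS = {"use_first_pass", "try_first_pass", "echo_pass"}
VALUED = {"conf", "template_user"}
DEFAULT_CONF = "/etc/tacplus.conf"


def audit_pam_line(line, module="pam_tacplus.so", privileged=("root", "toor")):
    """Return findings for one PAM config line ([] if it is another module)."""
    # Assumptions of this example: the module file name and privileged names.
    fields = shlex.split(line, comments=True)
    idx = next((i for i, f in enumerate(fields)
                if f.rsplit("/", 1)[-1] == module), None)
    if idx is None:
        return []
    findings, opts = [], {}
    for raw in fields[idx + 1:]:
        key, sep, val = raw.partition("=")
        if (key in FLAGS and not sep) or (key in VALUED and val):
            opts[key] = val
        else:
            findings.append(f"{raw}: not an option documented on the page")
    if "echo_pass" in opts:
        findings.append("echo_pass: typed password is echoed to the terminal")
    if {"use_first_pass", "try_first_pass"} <= opts.keys():
        findings.append("use_first_pass and try_first_pass: fail vs. prompt conflict")
    tmpl = opts.get("template_user")
    if tmpl in privileged:
        findings.append(f"template_user={tmpl}: users without a local account "
                        "get this privileged passwd entry")
    if opts.get("conf", DEFAULT_CONF) != DEFAULT_CONF:
        findings.append(f"conf={opts['conf']}: non-standard client config path")
    return findings


# Constructed sample lines in /etc/pam.d style.
SAMPLE = [
    "auth sufficient pam_tacplus.so try_first_pass template_user=tacuser",
    "auth sufficient pam_tacplus.so echo_pass template_user=root conf=/tmp/tac.conf",
    "auth required pam_unix.so try_first_pass",
    "auth sufficient pam_tacplus.so use_first_pass try_first_pass tempate_user=x  # typo",
]

if __name__ == "__main__":
    for line in SAMPLE:
        for finding in audit_pam_line(line):
            print(f"{line!r}: {finding}")
```

A misspelled template_user is worth catching because, per the description above, omitting the option makes authentication fail for any user who has no local account.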

FILES
/etc/tacplus.conf
    The standard TACACS+ client configuration file for the module.

The manual page was written by Andrzej Bialecki <abial@FreeBSD.org> and
adapted to TACACS+ from RADIUS by Mark R V Murray <markm@FreeBSD.org>.

The module was written by John D. Polstra <jdp@FreeBSD.org>.