[lug] passwd(5) files

Nate Duehr nate at natetech.com
Wed Feb 7 02:37:07 MST 2001


You also don't have to use /etc/shadow or /etc/passwd or related files
at all if you'd prefer not to and you trust that your config file for
the tac_plus daemon is safe.  

You can add user entries like this:

user = username {
	default service = deny
        login = cleartext password 
	member = groupname 
}

And set up your "groupname" group appropriately...

I think it'll also support CRYPT'ed passwords, but I haven't looked up
the syntax for that.  The "cleartext" above is obviously dangerous if
someone can figure out how to read your configuration file.

This is a lot more scriptable and keeps your user logins on the system
separate from your TACACS logins.

Hope that helps...

On Mon, Feb 05, 2001 at 04:02:19PM -0600, charles at lunarmedia.net wrote:
> i am setting up a small lab of router that are authenticating off of a
> linux server running tacacs+
> i have the users' passwords being checked against /etc/shadow for
> verification.

-- 
Nate Duehr <nate at natetech.com>

GPG Key fingerprint = DCAF 2B9D CC9B 96FA 7A6D AAF4 2D61 77C5 7ECE C1D2
Public Key available upon request, or at wwwkeys.pgp.net and others.



More information about the LUG mailing list