[lug] passwd(5) files

charles at lunarmedia.net charles at lunarmedia.net
Wed Feb 7 08:12:03 MST 2001


yes, but i would like to allow the users to update their passwords on the
linux box and have this dynamically be reflected when they log into the
router.
otherwise, keeping the passwords in the config file means editing the file
whenever someone needs to change their pass.

On Wed, 7 Feb 2001, Nate Duehr wrote:

> You also don't have to use /etc/shadow or /etc/passwd or related files
> at all if you'd prefer not to and you trust that your config file for
> the tac_plus daemon is safe.
>
> You can add user entries like this:
>
> user = username {
> 	default service = deny
>         login = cleartext password
> 	member = groupname
> }
>
> And set up your "groupname" group appropriately...
>
> I think it'll also support CRYPT'ed passwords, but I haven't looked up
> the syntax for that.  The "cleartext" above is obviously dangerous if
> someone can figure out how to read your configuration file.
>
> This is a lot more scriptable and keeps your user logins on the system
> separate from your TACACS logins.
>
> Hope that helps...
>
> On Mon, Feb 05, 2001 at 04:02:19PM -0600, charles at lunarmedia.net wrote:
> > i am setting up a small lab of router that are authenticating off of a
> > linux server running tacacs+
> > i have the users' passwords being checked against /etc/shadow for
> > verification.
>
>




More information about the LUG mailing list