[lug] passwd(5) files
Nate Duehr
nate at natetech.com
Wed Feb 7 02:37:07 MST 2001
You also don't have to use /etc/shadow or /etc/passwd or related files
at all if you'd prefer not to and you trust that your config file for
the tac_plus daemon is safe.
You can add user entries like this:
user = username {
default service = deny
login = cleartext password
member = groupname
}
And set up your "groupname" group appropriately...
I think it'll also support CRYPT'ed passwords, but I haven't looked up
the syntax for that. The "cleartext" above is obviously dangerous if
someone can figure out how to read your configuration file.
This is a lot more scriptable and keeps your user logins on the system
separate from your TACACS logins.
Hope that helps...
On Mon, Feb 05, 2001 at 04:02:19PM -0600, charles at lunarmedia.net wrote:
> i am setting up a small lab of router that are authenticating off of a
> linux server running tacacs+
> i have the users' passwords being checked against /etc/shadow for
> verification.
--
Nate Duehr <nate at natetech.com>
GPG Key fingerprint = DCAF 2B9D CC9B 96FA 7A6D AAF4 2D61 77C5 7ECE C1D2
Public Key available upon request, or at wwwkeys.pgp.net and others.
More information about the LUG
mailing list