pam_tacplus — TACACS+ authentication PAM module
[service-name] module-type control-flag pam_tacplus [options]
The pam_tacplus module provides authentication services based upon the TACACS+ protocol for the PAM (Pluggable Authentication Module) framework.
The pam_tacplus module accepts these optional parameters:
use_first_pass - causes pam_tacplus to use a previously entered password instead of prompting for a new one. If no password has been entered then authentication fails.
try_first_pass - causes pam_tacplus to use a previously entered password, if one is available. If no password has been entered, pam_tacplus prompts for one as usual.
echo_pass - causes echoing to be left on if pam_tacplus prompts for a password.
conf=pathname - specifies a non-standard location for the TACACS+ client configuration file (normally located in /etc/tacplus.conf).
template_user=username - specifies a user whose passwd(5) entry will be used as a template to create the session environment if the supplied username does not exist in the local password database. The user will be authenticated with the supplied username and password, but his credentials to the system will be presented as the ones for username, i.e., his login class, home directory, resource limits, etc. will be set to the ones defined for username. If this option is omitted, and there is no username in the system databases equal to the supplied one (as determined by a call to getpwnam(3)), the authentication will fail.
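The account lookup described for template_user, sketched in C as an added example (not pam_tacplus source code). The helper names session_account and uses_template and the sample login "tacacs-only-user" are hypothetical; the only system call relied on is getpwnam(3).

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: returns the passwd entry whose login class, home
 * directory, resource limits, etc. would shape the session, or NULL when
 * the login must fail. template_user is NULL when the option is omitted. */
const struct passwd *
session_account(const char *supplied, const char *template_user)
{
    const struct passwd *pw = getpwnam(supplied);

    if (pw != NULL)
        return pw;                  /* local entry exists: use it as is */
    if (template_user == NULL)
        return NULL;                /* unknown locally, no template: fail */
    return getpwnam(template_user); /* unknown locally: borrow the template */
}

/* Returns 1 when the session would run under another account's entry. */
int
uses_template(const char *supplied, const char *template_user)
{
    const struct passwd *pw = session_account(supplied, template_user);

    return pw != NULL && strcmp(pw->pw_name, supplied) != 0;
}

int
main(void)
{
    /* Constructed inputs. "root" is used as the template here only because
     * it exists on every system; every login unknown to the local database
     * inherits the template's uid, so a real template account should be an
     * unprivileged one. "tacacs-only-user" is assumed to be absent locally. */
    const char *names[] = { "root", "tacacs-only-user" };

    for (size_t i = 0; i < 2; i++) {
        const struct passwd *pw = session_account(names[i], "root");

        printf("%s -> %s (uid %ld)%s\n", names[i],
            pw ? pw->pw_name : "(fail)", pw ? (long)pw->pw_uid : -1L,
            uses_template(names[i], "root") ? " [template]" : "");
    }
    return 0;
}
```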
/etc/tacplus.conf - The standard TACACS+ client configuration file for pam_tacplus.
The pam_tacplus module first appeared in FreeBSD 3.1.