Hi, I have a FreeBSD 5.2.1 box vanilla install. I want to configure ssh to use pam_tacplus to do the authentication.
My ssh file in the /etc/pam directory looks like this:

%<--------------------------------------------------------------------->%
#
# $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $
#
# PAM configuration for the "sshd" service
#

# auth
auth            required        pam_nologin.so          no_warn
auth            sufficient      pam_opie.so             no_warn no_fake_prompts
auth            requisite       pam_opieaccess.so       no_warn allow_local
#auth           sufficient      pam_krb5.so             no_warn try_first_pass
#auth           sufficient      pam_ssh.so              no_warn try_first_pass
auth            required        pam_tacplus.so          debug try_first_pass
#auth           required        pam_unix.so             no_warn try_first_pass

# account
#account        required        pam_krb5.so
account         required        pam_login_access.so
account         required        pam_unix.so

# session
#session        optional        pam_ssh.so
session         required        pam_permit.so

# password
#password       sufficient      pam_krb5.so             no_warn try_first_pass
password        required        pam_unix.so             no_warn try_first_pass
%<--------------------------------------------------------------------->%

Sometimes this works and sometimes it doesn't work properly. I have a couple of questions. For example, for my userid it works like it should but for the guy in the cube from me, it still requires his old local password.

- Once this is working, can I delete the userids out of the passwd file?
- As long as the userid is in the groups will SU still work for those users?
- Will the user still map to their proper home directory?
- I guess that it's a good idea to keep a userid on the box that is non-root but is still stored locally in case of any problems?

-- 
Ray Seals <[EMAIL PROTECTED]>
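
Added example (not part of the original message, and not FreeBSD or OpenPAM code): a simplified model of how the PAM control flags resolve the auth lines posted above. The per-module outcomes are constructed inputs, and the model covers only required, requisite, sufficient and optional, ignoring module arguments such as try_first_pass.

```python
# Added example: simplified PAM control-flag model (not FreeBSD/OpenPAM code).
# AUTH_STACK is copied from the auth lines in the message above.
AUTH_STACK = """\
auth required pam_nologin.so no_warn
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
auth required pam_tacplus.so debug try_first_pass
#auth required pam_unix.so no_warn try_first_pass
"""

def parse_stack(text, facility="auth"):
    """Return [(control, module)] for the active lines of one facility."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) >= 3 and fields[0] == facility:
            entries.append((fields[1], fields[2]))
    return entries

def evaluate(entries, outcomes):
    """outcomes: module -> True/False (assumed module results).
    Returns (granted, modules consulted in order)."""
    required_failed = False
    consulted = []
    for control, module in entries:
        ok = outcomes[module]
        consulted.append(module)
        if control == "requisite" and not ok:
            return False, consulted          # fail immediately
        if control == "required" and not ok:
            required_failed = True           # fail, but keep running the stack
        if control == "sufficient" and ok and not required_failed:
            return True, consulted           # succeed immediately
        # a failed "sufficient" and any "optional" result are ignored here
    return not required_failed, consulted

if __name__ == "__main__":
    stack = parse_stack(AUTH_STACK)
    scenarios = {  # constructed module outcomes
        "TACACS+ accepts": {"pam_nologin.so": True, "pam_opie.so": False,
                            "pam_opieaccess.so": True, "pam_tacplus.so": True},
        "TACACS+ rejects": {"pam_nologin.so": True, "pam_opie.so": False,
                            "pam_opieaccess.so": True, "pam_tacplus.so": False},
        "OPIE accepts":    {"pam_nologin.so": True, "pam_opie.so": True,
                            "pam_opieaccess.so": True, "pam_tacplus.so": True},
    }
    for name, outcomes in scenarios.items():
        print(name, evaluate(stack, outcomes))
```

In this model a successful pam_opie.so ends the auth stack before pam_tacplus.so is consulted, and pam_unix.so is not part of the active auth stack at all.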