Secure Shell
[Openssh & TACACS+]Authneticating with TACACS+ Jan 06 2011 04:55AM
akshar kanak (akshar kanak1 gmail com)
Dear team
I have following scenario
SSH client <->SSH server (openssh) <-> TACACS+

I need to authenticate at SSH server using an account whcih
is registered at TACACS+ server . But the problem is the same user
entry will not at available in /etc/passwd .When Openssh creates a
shell it should be owned by the same TACACS+ user .

One option is , I have checked that through nsswitch .conf we
can configure the source from where the infomration about the user can
be read .The attribute used in nsswitch.conf file is "passwd" .Is it
possible to put TACACS+ as one of the source ? Will the systems
calls like getpwnam support getting the user infomration from TACACS+
? In TACACS+ servers is it possible to configure uid , gid , home
directory , shell for a particular user ?

Another option is once authentication is successful , SSH server
will temporaryly create a user entry in /etc/passwd and the create a
shell with user as the owner of that shell .

openssh : openssh-3.9.p1
TACACS+ server : F4.0.3.alpha

Thanks in advance

Warm regards
Akshar

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus