ganeshragnarayanan
ganeshragnarayanan
/ Tacacs+ source interface support UT
Created
September 19, 2016 00:15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Topology | |
| ========= | |
| # | |
| # +-------+ | |
| # | | +---v---+ | |
| # | hs1 <-----> sw1 | | |
| # | | +-------+ | |
| # +-------+ | |
| # |
ganeshragnarayanan
/ gist:987b20f8d4c086901cf93139e58306fa
Last active
September 13, 2016 23:14
Tacacs Source Interface UT
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Using Management IP | |
| =================== | |
| ip source-interface all address 172.17.0.2 | |
| common-auth-access | |
| # here are the per-package modules (the "Primary" block) | |
| auth [success=1 default=ignore] /usr/lib/security/libpam_tacplus.so debug server=10.0.0.75 secret=tac_test | |
| login=pap timeout=5 src_namespace=/var/run/netns/nonet dstn_namespace=/var/run/netns/nonet source_ip=172.17.0.2 | |
| # |
ganeshragnarayanan
/ Tacacs SSH PAM UT
Created
September 1, 2016 18:58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Logs with Tacacs ONLY user | |
| =========================== | |
| Sep 1 11:45:11 ubuntu sshd[1731]: Tacacs_Dev: entering getpwnam for user sshd, TEMPLATE_USER = admin | |
| Sep 1 11:45:11 ubuntu sshd[1731]: Tacacs_Dev: entering getpwnam for user user1, TEMPLATE_USER = admin | |
| Sep 1 11:45:11 ubuntu sshd[1731]: Tacacs_Dev: (getpwnam) user user1 not found locally | |
| Sep 1 11:45:11 ubuntu PAM-tacplus[1731]: 1 servers defined | |
| Sep 1 11:45:11 ubuntu PAM-tacplus[1731]: server[0] { addr=192.168.9.131:49, key='tac_test' } | |
| Sep 1 11:45:11 ubuntu PAM-tacplus[1731]: tac_service='' | |
| Sep 1 11:45:11 ubuntu PAM-tacplus[1731]: tac_protocol='' |
ganeshragnarayanan
/ Tacacs namespace behavior
Last active
August 23, 2016 23:27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cat common-auth-access | |
| ======================== | |
| # | |
| # /etc/pam.d/common-auth - authentication settings common to all services | |
| # | |
| # This file is included from other service-specific PAM config files, | |
| # and should contain a list of the authentication modules that define | |
| # the central authentication scheme for use on the system | |
| # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the | |
| # traditional Unix authentication mechanisms. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Aug 8 13:24:11 ubuntu sshd[15664]: last_pw_name pointer is (nil), user = sshd | |
| Aug 8 13:24:11 ubuntu sshd[15664]: last_pw_name pointer is (nil), user = user2 | |
| Aug 8 13:24:11 ubuntu sshd[15664]: pw_name pointer allocated using strdup is 0x55597342f190, user = user2 | |
| Aug 8 13:24:15 ubuntu sshd[15664]: last_pw_name pointer is 0x55597342f190, user = user2 | |
| Aug 8 13:24:15 ubuntu sshd[15664]: pw_name pointer allocated using strdup is 0x55597342cdb0, user = user2 | |
| Aug 8 13:24:28 ubuntu sshd[15664]: last_pw_name pointer is 0x55597342cdb0, user = user2 | |
| Aug 8 13:24:28 ubuntu sshd[15664]: pw_name pointer allocated using strdup is 0x555973432d40, user = user2 | |
| Aug 8 13:20:48 ubuntu sshd[15395]: last_pw_name pointer is (nil), user = sshd |
ganeshragnarayanan
/ gist:9bf228fc06e2f0426afb028487616cd6
Created
August 5, 2016 17:09
PAM sshd configs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| bash-4.3# cat sshd | |
| #%PAM-1.0 | |
| auth include common-auth-access | |
| account optional pam_permit.so | |
| #account required pam_nologin.so | |
| #account include common-account-access | |
| password include common-password-access | |
| session optional pam_keyinit.so force revoke | |
| session include common-session-access |