Skip to content

Instantly share code, notes, and snippets.

@ganeshragnarayanan

ganeshragnarayanan/Tacacs SSH PAM UT

Created September 1, 2016 18:58
Show Gist options
  • Save ganeshragnarayanan/4b2bc9c0b35dafba0c4cba1b71fc5754 to your computer and use it in GitHub Desktop.
Save ganeshragnarayanan/4b2bc9c0b35dafba0c4cba1b71fc5754 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Tacacs SSH PAM UT
Logs with Tacacs ONLY user
===========================
Sep 1 11:45:11 ubuntu sshd[1731]: Tacacs_Dev: entering getpwnam for user sshd, TEMPLATE_USER = admin
Sep 1 11:45:11 ubuntu sshd[1731]: Tacacs_Dev: entering getpwnam for user user1, TEMPLATE_USER = admin
Sep 1 11:45:11 ubuntu sshd[1731]: Tacacs_Dev: (getpwnam) user user1 not found locally
Sep 1 11:45:11 ubuntu PAM-tacplus[1731]: 1 servers defined
Sep 1 11:45:11 ubuntu PAM-tacplus[1731]: server[0] { addr=192.168.9.131:49, key='tac_test' }
Sep 1 11:45:11 ubuntu PAM-tacplus[1731]: tac_service=''
Sep 1 11:45:11 ubuntu PAM-tacplus[1731]: tac_protocol=''
Sep 1 11:45:11 ubuntu PAM-tacplus[1731]: tac_prompt=''
Sep 1 11:45:11 ubuntu PAM-tacplus[1731]: tac_login='pap'
Sep 1 11:45:11 ubuntu sshd[1731]: pam_sm_authenticate: called (pam_tacplus v1.3.8)
Sep 1 11:45:11 ubuntu sshd[1731]: pam_sm_authenticate: user [user1] obtained
Sep 1 11:45:11 ubuntu sshd[1731]: tacacs_get_password: called
Sep 1 11:45:11 ubuntu sshd[1731]: tacacs_get_password: obtained password
Sep 1 11:45:11 ubuntu PAM-tacplus[1731]: unable to obtain password
Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: 1 servers defined
Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: server[0] { addr=192.168.9.131:49, key='tac_test' }
Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: tac_service=''
Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: tac_protocol=''
Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: tac_prompt=''
Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: tac_login='pap'
Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_authenticate: called (pam_tacplus v1.3.8)
Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_authenticate: user [user1] obtained
Sep 1 11:45:15 ubuntu sshd[1731]: tacacs_get_password: called
Sep 1 11:45:15 ubuntu sshd[1731]: tacacs_get_password: obtained password
Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_authenticate: password obtained
Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_authenticate: tty [ssh] obtained
Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_authenticate: rhost [172.17.0.1] obtained
Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_authenticate: trying srv 0
Sep 1 11:45:15 ubuntu sshd[1731]: tacacs status: TAC_PLUS_AUTHEN_STATUS_PASS
Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_authenticate: active srv 0
Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_authenticate: exit with pam status: 0
Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_authenticate: success setting PAM environment
Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_acct_mgmt: got PAM env, auth_status = success
Sep 1 11:45:15 ubuntu sshd[1731]: Accepted password for user1 from 172.17.0.1 port 40344 ssh2
Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: 1 servers defined
Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: server[0] { addr=192.168.9.131:49, key='tac_test' }
Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: tac_service=''
Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: tac_protocol=''
Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: tac_prompt=''
Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: tac_login='pap'
Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_setcred: called (pam_tacplus v1.3.8)
Sep 1 11:45:15 ubuntu sshd[1731]: pam_keyinit(sshd:session): Unable to look up user "user1"
Sep 1 11:45:15 ubuntu sshd[1731]: pam_unix(sshd:session): session opened for user user1 by (uid=0)
Sep 1 11:45:15 ubuntu sshd[1731]: pam_systemd(sshd:session): Failed to get user data.
Sep 1 11:45:15 ubuntu sshd[1731]: pam_systemd(sshd:session): Failed to get user data.
Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_open_session: got PAM env, auth_status = success
Sep 1 11:45:15 ubuntu PAM-tacplus[1745]: 1 servers defined
Sep 1 11:45:15 ubuntu PAM-tacplus[1745]: server[0] { addr=192.168.9.131:49, key='tac_test' }
Sep 1 11:45:15 ubuntu PAM-tacplus[1745]: tac_service=''
Sep 1 11:45:15 ubuntu PAM-tacplus[1745]: tac_protocol=''
Sep 1 11:45:15 ubuntu PAM-tacplus[1745]: tac_prompt=''
Sep 1 11:45:15 ubuntu PAM-tacplus[1745]: tac_login='pap'
Sep 1 11:45:15 ubuntu sshd[1745]: pam_sm_setcred: called (pam_tacplus v1.3.8)
Sep 1 11:45:15 ubuntu sshd[1731]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
Sep 1 11:45:15 ubuntu sshd[1731]: Tacacs_Dev: entering getpwnam for user user1, TEMPLATE_USER = admin
Sep 1 11:45:15 ubuntu sshd[1731]: Tacacs_Dev: (getpwnam) user user1 not found locally
Sep 1 11:45:15 ubuntu sshd[1731]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
ssh user1@<ip>
switch:~$
cat /proc/self/loginuid
4294967295
/etc/nologin has no effect
Logs with local user
===========================
Sep 1 11:55:43 ubuntu sshd[515]: pam_sm_acct_mgmt: unable to get PAM env auth_status
Sep 1 11:55:43 ubuntu sshd[515]: Accepted password for admin from 172.17.0.1 port 58768 ssh2
Sep 1 11:55:43 ubuntu sshd[515]: pam_unix(sshd:session): session opened for user admin by (uid=0)
Sep 1 11:55:43 ubuntu systemd: pam_unix(systemd-user:session): session opened for user admin by (uid=0)
Sep 1 11:55:43 ubuntu sshd[515]: pam_sm_open_session: unable to get PAM env auth_status
Sep 1 11:55:43 ubuntu sshd[515]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
Sep 1 11:55:43 ubuntu sshd[515]: Tacacs_Dev: entering getpwnam for user admin, TEMPLATE_USER = admin
Sep 1 11:55:43 ubuntu sshd[515]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
ssh admin@<ip>
switch:~$
cat /proc/self/loginuid
1003
switch:~$
/etc/nologin prevents non-root users from getting logged in
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment