Using WiKID Strong Authentication with TACACS+

How to configure a Linux box with PAM and TACACS+ for WiKID Strong Authentication

These instructions show how to configure and test Linux PAM authentication against the WiKID TACACS+ protocol module. This document has been updated to cover PAM 0.99 and higher, where the pam_stack module has been replaced by the include directive.

First, edit your /etc/pam.d/sshd file to allow TACACS+ authentication:

auth       include      tacacs
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
session    optional     pam_keyinit.so force revoke
session    include      system-auth

Next, install pam_tacplus:

You can download it here:
http://echelon.pl/pubs/pam_tacplus-1.2.9.tar.gz

$ tar xvfz pam_tacplus-1.2.9.tar.gz
$ cd pam_tacplus*/
$ make
# make install

Finally, create /etc/pam.d/tacacs:

#%PAM-1.0
auth       sufficient   /lib/security/pam_tacplus.so debug server=10.100.0.102 secret=support_secret encrypt
account    sufficient   /lib/security/pam_tacplus.so debug server=10.100.0.102 secret=support_secret encrypt service=shell protocol=ssh
session    sufficient   /lib/security/pam_tacplus.so debug server=10.100.0.102 secret=support_secret encrypt service=shell protocol=ssh
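
The file above stores the TACACS+ shared secret in clear text and leaves debug switched on, so it is worth checking before it goes into production. The following is an added example, not code from WiKID or pam_tacplus: it parses the pam_tacplus lines and reports a group- or world-readable file, leftover debug flags, missing encrypt flags and server/secret mismatches. The function names are hypothetical, and a file mode of 0644 is assumed when none is given.

```python
import os
import shlex
import stat

# The /etc/pam.d/tacacs content from this page, embedded so the check runs offline.
SAMPLE = """#%PAM-1.0
auth       sufficient   /lib/security/pam_tacplus.so debug server=10.100.0.102 secret=support_secret encrypt
account    sufficient   /lib/security/pam_tacplus.so debug server=10.100.0.102 secret=support_secret encrypt service=shell protocol=ssh
session    sufficient   /lib/security/pam_tacplus.so debug server=10.100.0.102 secret=support_secret encrypt service=shell protocol=ssh
"""

def parse_tacplus_lines(text):
    """Return (lineno, pam_type, flags, key=value options) per pam_tacplus entry."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = shlex.split(line, comments=True)  # drops '#' comment lines
        if len(fields) < 3 or "pam_tacplus" not in fields[2]:
            continue
        args = fields[3:]
        opts = dict(a.split("=", 1) for a in args if "=" in a)
        flags = {a for a in args if "=" not in a}
        entries.append((lineno, fields[0], flags, opts))
    return entries

def audit(text, mode=0o644):
    """Audit PAM text; `mode` is the file's permission bits (0644 is an assumption)."""
    findings = []
    entries = parse_tacplus_lines(text)
    has_secret = any("secret" in opts for _, _, _, opts in entries)
    if has_secret and mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("shared secret readable by non-root users (mode %o)" % mode)
    for lineno, pam_type, flags, opts in entries:
        if "debug" in flags:  # verbose syslog output, meant for testing only
            findings.append("line %d (%s): debug still enabled" % (lineno, pam_type))
        if "encrypt" not in flags:  # the page sets encrypt on every line
            findings.append("line %d (%s): encrypt option missing" % (lineno, pam_type))
    for key in ("server", "secret"):
        if len({opts.get(key) for _, _, _, opts in entries}) > 1:
            findings.append("%s differs between pam_tacplus lines" % key)
    return findings

def audit_file(path):
    """Audit a PAM file on disk using its real permission bits."""
    with open(path) as fh:
        return audit(fh.read(), stat.S_IMODE(os.stat(path).st_mode))

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On a live host, call audit_file("/etc/pam.d/tacacs") as root once testing is finished.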

NB: If the tacacs listener is not starting on the WiKID server, run:

/opt/WiKID/bin/tac_plus -C /opt/WiKID/private/tacacs.conf

 

That should be it!
