nss_tacplus — TACACS+ nsswitch module
The nss_tacplus module is a loadable NSS module which provides a minimal identity service using a TACACS+ backend.

Due to the limitations of the TACACS+ protocol, the functionality provided by the nss_tacplus module is very limited: it can look up a user by name, but not by uid, and it cannot enumerate users.
To look up a user, the nss_tacplus module submits an authorization request with authentication method TAC_PLUS_AUTHEN_METH_NOT_SET, authentication type TAC_PLUS_AUTHEN_TYPE_NOT_SET, and authentication service TAC_PLUS_AUTHEN_SVC_LOGIN, for the “shell” service. If the response status is either TAC_PLUS_AUTHOR_STATUS_PASS_ADD or TAC_PLUS_AUTHOR_STATUS_PASS_REPL, the user is considered to exist and the nss_tacplus module fills out a struct passwd for it.
The following attributes, if included in the response from the TACACS+ server, are used to construct the response:

- UID
  Numeric user ID. Must be between 0 and UID_MAX. Defaults to 65534.
- GID
  Numeric primary group ID. Must be between 0 and GID_MAX. Defaults to 65534.
- CLASS
  Login class. Left blank if not provided.
- GECOS
  Display name. If not provided, the user name is used instead.
- HOME
  Home directory. Defaults to /.
- SHELL
  Shell. Defaults to /bin/sh.

Case is ignored when matching attribute names. If an attribute is included multiple times, the last value takes effect.
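How the reply attributes above become passwd fields, as an added example in C that is not the nss_tacplus module's own code: it takes the name=value (mandatory) or name*value (optional) arguments of a PASS_ADD or PASS_REPL authorization reply, applies the case-insensitive matching, last-value-wins and default rules stated on this page, and range-checks UID and GID. The struct tacplus_user type, the function names, the fallback UID_MAX/GID_MAX definitions for non-FreeBSD builds, and the choice to treat an out-of-range UID or GID as a failed lookup are assumptions of this example.

```c
/*
 * Added example, not the nss_tacplus module's own code: build a passwd-style
 * record from the attribute-value pairs of a TACACS+ authorization reply
 * using the rules in the manual page. The struct, the function names and the
 * fallback UID_MAX/GID_MAX values are assumptions of this example.
 */
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef UID_MAX			/* FreeBSD defines both in <sys/limits.h> */
#define UID_MAX UINT32_MAX	/* assumption: uid_t/gid_t are 32-bit unsigned */
#define GID_MAX UINT32_MAX
#endif
#define TACPLUS_NOBODY 65534	/* default UID and GID per the manual page */

struct tacplus_user {
	char name[64], login_class[64], gecos[128], home[256], shell[128];
	uint32_t uid, gid;
};

/* Case-insensitive test that the attribute name avp[0..alen) equals want. */
static int
attr_is(const char *avp, size_t alen, const char *want)
{
	size_t i;

	if (strlen(want) != alen)
		return (0);
	for (i = 0; i < alen; i++)
		if (tolower((unsigned char)avp[i]) != tolower((unsigned char)want[i]))
			return (0);
	return (1);
}

/* Parse a decimal id in [0, max]; reject signs, trailing junk and overflow. */
static int
parse_id(const char *s, uint32_t max, uint32_t *out)
{
	unsigned long long v;
	char *end;

	if (!isdigit((unsigned char)*s))
		return (-1);
	errno = 0;
	v = strtoull(s, &end, 10);
	if (errno != 0 || *end != '\0' || v > max)
		return (-1);
	*out = (uint32_t)v;
	return (0);
}

#define SET(field, src) snprintf(u->field, sizeof(u->field), "%s", (src))

/*
 * avps: "name=value" (mandatory) or "name*value" (optional) arguments from a
 * PASS_ADD or PASS_REPL reply. Returns 0 on success; -1 if a UID or GID is
 * present but out of range, which this example treats as a failed lookup.
 */
int
tacplus_build_user(const char *name, const char *const *avps, size_t navps,
    struct tacplus_user *u)
{
	size_t i;
	/* Defaults from the manual page; GECOS falls back to the user name. */
	memset(u, 0, sizeof(*u));
	SET(name, name);
	SET(gecos, name);
	SET(home, "/");
	SET(shell, "/bin/sh");
	u->uid = u->gid = TACPLUS_NOBODY;

	/* Applied in order, so a repeated attribute's last value takes effect. */
	for (i = 0; i < navps; i++) {
		const char *sep = strpbrk(avps[i], "=*");
		size_t alen;

		if (sep == NULL)
			continue;	/* not an attribute-value pair: ignore */
		alen = (size_t)(sep - avps[i]);
		if (attr_is(avps[i], alen, "uid")) {
			if (parse_id(sep + 1, UID_MAX, &u->uid) != 0)
				return (-1);
		} else if (attr_is(avps[i], alen, "gid")) {
			if (parse_id(sep + 1, GID_MAX, &u->gid) != 0)
				return (-1);
		} else if (attr_is(avps[i], alen, "class")) {
			SET(login_class, sep + 1);
		} else if (attr_is(avps[i], alen, "gecos")) {
			SET(gecos, sep + 1);
		} else if (attr_is(avps[i], alen, "home")) {
			SET(home, sep + 1);
		} else if (attr_is(avps[i], alen, "shell")) {
			SET(shell, sep + 1);
		}	/* other attributes (e.g. priv-lvl) are not used here */
	}
	return (0);
}
```

Called with a constructed reply such as `"UID=1001"`, `"gid=100"`, `"Home=/home/alice"`, `"uid*1002"`, `"GECOS=Alice Example"` for user alice, the function yields uid 1002 (the later value), gid 100, the given home and GECOS, an empty login class and the default shell /bin/sh; a reply carrying `"uid=-5"` or a value above UID_MAX is rejected rather than silently mapped to another account.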
The nss_tacplus module and this manual page were written by Dag-Erling Smørgrav <des@FreeBSD.org> for Klara Systems.