16c5cdba1SDag-Erling Smørgrav.\"- 26c5cdba1SDag-Erling Smørgrav.\" Copyright (c) 2023 Klara, Inc. 36c5cdba1SDag-Erling Smørgrav.\" 46c5cdba1SDag-Erling Smørgrav.\" SPDX-License-Identifier: BSD-2-Clause 56c5cdba1SDag-Erling Smørgrav.\" 6*246aec9aSDag-Erling Smørgrav.Dd June 13, 2023 76c5cdba1SDag-Erling Smørgrav.Dt NSS_TACPLUS 8 86c5cdba1SDag-Erling Smørgrav.Os 96c5cdba1SDag-Erling Smørgrav.Sh NAME 106c5cdba1SDag-Erling Smørgrav.Nm nss_tacplus 116c5cdba1SDag-Erling Smørgrav.Nd TACACS+ nsswitch module 126c5cdba1SDag-Erling Smørgrav.Sh SYNOPSIS 136c5cdba1SDag-Erling Smørgrav.Ic passwd : files tacplus 146c5cdba1SDag-Erling Smørgrav.Sh DESCRIPTION 156c5cdba1SDag-Erling SmørgravThe 166c5cdba1SDag-Erling Smørgrav.Nm 176c5cdba1SDag-Erling Smørgravmodule is a loadable NSS module which provides a minimal identity 186c5cdba1SDag-Erling Smørgravservice using a TACACS+ backend. 196c5cdba1SDag-Erling Smørgrav.Pp 206c5cdba1SDag-Erling SmørgravDue to the limitations of the TACACS+ protocol, the functionality 216c5cdba1SDag-Erling Smørgravprovided by the 226c5cdba1SDag-Erling Smørgrav.Nm 236c5cdba1SDag-Erling Smørgravmodule is very limited: it can look up a user by name, but not by uid, 246c5cdba1SDag-Erling Smørgravand it cannot enumerate users. 256c5cdba1SDag-Erling Smørgrav.Pp 266c5cdba1SDag-Erling SmørgravTo look up a user, the 276c5cdba1SDag-Erling Smørgrav.Nm 286c5cdba1SDag-Erling Smørgravmodule submits an authorization request with authentication method 296c5cdba1SDag-Erling Smørgrav.Dv TAC_PLUS_AUTHEN_METH_NOT_SET , 306c5cdba1SDag-Erling Smørgravauthentication type 316c5cdba1SDag-Erling Smørgrav.Dv TAC_PLUS_AUTHEN_TYPE_NOT_SET , 326c5cdba1SDag-Erling Smørgravand authentication service 336c5cdba1SDag-Erling Smørgrav.Dv TAC_PLUS_AUTHEN_SVC_LOGIN , 346c5cdba1SDag-Erling Smørgravfor the 356c5cdba1SDag-Erling Smørgrav.Dq shell 366c5cdba1SDag-Erling Smørgravservice. 376c5cdba1SDag-Erling SmørgravIf the response status is either 386c5cdba1SDag-Erling Smørgrav.Dv TAC_PLUS_AUTHOR_STATUS_PASS_ADD 396c5cdba1SDag-Erling Smørgravor 406c5cdba1SDag-Erling Smørgrav.Dv TAC_PLUS_AUTHOR_STATUS_PASS_REPL , 416c5cdba1SDag-Erling Smørgravthe user is considered to exist and the 426c5cdba1SDag-Erling Smørgrav.Nm 436c5cdba1SDag-Erling Smørgravmodule fills out a 446c5cdba1SDag-Erling Smørgrav.Vt struct passwd 456c5cdba1SDag-Erling Smørgravfor it. 466c5cdba1SDag-Erling Smørgrav.Pp 476c5cdba1SDag-Erling SmørgravThe following attributes, if included in the response from the TACACS+ 486c5cdba1SDag-Erling Smørgravserver, are used to construct the response: 496c5cdba1SDag-Erling Smørgrav.Bl -tag -width GECOS 506c5cdba1SDag-Erling Smørgrav.It Va UID 516c5cdba1SDag-Erling SmørgravNumeric user ID. 526c5cdba1SDag-Erling SmørgravMust be between 0 and 536c5cdba1SDag-Erling Smørgrav.Dv UID_MAX . 546c5cdba1SDag-Erling SmørgravDefaults to 65534. 556c5cdba1SDag-Erling Smørgrav.It Va GID 566c5cdba1SDag-Erling SmørgravNumeric primary group ID. 576c5cdba1SDag-Erling SmørgravMust be between 0 and 586c5cdba1SDag-Erling Smørgrav.Dv GID_MAX . 596c5cdba1SDag-Erling SmørgravDefaults to 65534. 60*246aec9aSDag-Erling Smørgrav.It Va CLASS 61*246aec9aSDag-Erling SmørgravLogin class. 62*246aec9aSDag-Erling SmørgravLeft blank if not provided. 636c5cdba1SDag-Erling Smørgrav.It Va GECOS 646c5cdba1SDag-Erling SmørgravDisplay name. 656c5cdba1SDag-Erling SmørgravIf not provided, the user name is used instead. 666c5cdba1SDag-Erling Smørgrav.It Va HOME 676c5cdba1SDag-Erling SmørgravHome directory. 686c5cdba1SDag-Erling SmørgravDefaults to 696c5cdba1SDag-Erling Smørgrav.Pa / . 706c5cdba1SDag-Erling Smørgrav.It Va SHELL 716c5cdba1SDag-Erling SmørgravShell. 726c5cdba1SDag-Erling SmørgravDefaults to 736c5cdba1SDag-Erling Smørgrav.Pa /bin/sh . 746c5cdba1SDag-Erling Smørgrav.El 756c5cdba1SDag-Erling Smørgrav.Pp 766c5cdba1SDag-Erling SmørgravCase is ignored when matching attribute names. 776c5cdba1SDag-Erling SmørgravIf an attribute is included multiple times, the last value takes 786c5cdba1SDag-Erling Smørgraveffect. 796c5cdba1SDag-Erling Smørgrav.Sh SEE ALSO 806c5cdba1SDag-Erling Smørgrav.Xr libtacplus 3 , 816c5cdba1SDag-Erling Smørgrav.Xr tacplus.conf 5 , 826c5cdba1SDag-Erling Smørgrav.Xr pam_tacplus 8 836c5cdba1SDag-Erling Smørgrav.Sh HISTORY 846c5cdba1SDag-Erling Smørgrav.An -nosplit 856c5cdba1SDag-Erling SmørgravThe 866c5cdba1SDag-Erling Smørgrav.Nm 876c5cdba1SDag-Erling Smørgravmodule and this manual page were written by 886c5cdba1SDag-Erling Smørgrav.An Dag-Erling Smørgrav Aq Mt des@FreeBSD.org 896c5cdba1SDag-Erling Smørgravfor Klara Systems. 90