xref: /freebsd/lib/nss_tacplus/nss_tacplus.8 (revision 5ca8e32633c4ffbbcd6762e5888b6a4ba0708c6c)
1.\"-
2.\" Copyright (c) 2023 Klara, Inc.
3.\"
4.\" SPDX-License-Identifier: BSD-2-Clause
5.\"
6.Dd June 13, 2023
7.Dt NSS_TACPLUS 8
8.Os
9.Sh NAME
10.Nm nss_tacplus
11.Nd TACACS+ nsswitch module
12.Sh SYNOPSIS
13.Ic passwd : files tacplus
14.Sh DESCRIPTION
15The
16.Nm
17module is a loadable NSS module which provides a minimal identity
18service using a TACACS+ backend.
19.Pp
20Due to the limitations of the TACACS+ protocol, the functionality
21provided by the
22.Nm
23module is very limited: it can look up a user by name, but not by uid,
24and it cannot enumerate users.
25.Pp
26To look up a user, the
27.Nm
28module submits an authorization request with authentication method
29.Dv TAC_PLUS_AUTHEN_METH_NOT_SET ,
30authentication type
31.Dv TAC_PLUS_AUTHEN_TYPE_NOT_SET ,
32and authentication service
33.Dv TAC_PLUS_AUTHEN_SVC_LOGIN ,
34for the
35.Dq shell
36service.
37If the response status is either
38.Dv TAC_PLUS_AUTHOR_STATUS_PASS_ADD
39or
40.Dv TAC_PLUS_AUTHOR_STATUS_PASS_REPL ,
41the user is considered to exist and the
42.Nm
43module fills out a
44.Vt struct passwd
45for it.
46.Pp
47The following attributes, if included in the response from the TACACS+
48server, are used to construct the response:
49.Bl -tag -width GECOS
50.It Va UID
51Numeric user ID.
52Must be between 0 and
53.Dv UID_MAX .
54Defaults to 65534.
55.It Va GID
56Numeric primary group ID.
57Must be between 0 and
58.Dv GID_MAX .
59Defaults to 65534.
60.It Va CLASS
61Login class.
62Left blank if not provided.
63.It Va GECOS
64Display name.
65If not provided, the user name is used instead.
66.It Va HOME
67Home directory.
68Defaults to
69.Pa / .
70.It Va SHELL
71Shell.
72Defaults to
73.Pa /bin/sh .
74.El
75.Pp
76Case is ignored when matching attribute names.
77If an attribute is included multiple times, the last value takes
78effect.
79.Sh SEE ALSO
80.Xr libtacplus 3 ,
81.Xr tacplus.conf 5 ,
82.Xr pam_tacplus 8
83.Sh HISTORY
84.An -nosplit
85The
86.Nm
87module and this manual page were written by
88.An Dag-Erling Smørgrav Aq Mt des@FreeBSD.org
89for Klara Systems.
90