Timeline for TACACS+ server authorization issues: Authentication is functioning correctly, but I’m encountering challenges in enabling shell command authorization
Current License: CC BY-SA 4.0
5 events
when | what | by | license | comment | |
---|---|---|---|---|---|
Mar 13 at 4:24 | comment | added | Teresa | We were trying to achieve AAA service for a native Linux client against a TACACS+ server. Authentication is working properly by making use of the PAM-tacacsplus module. After a lot of research and as per your comment, it seems like Linux doesn't have support for per-command authorization and accounting against a TACACS+ server. Thank you for your reply. | |
Mar 11 at 20:32 | comment | added | telcoM | If you are willing to consider commercial solutions, it seems the product once known as PowerBroker, and now apparently Endpoint Privilege Management, might suit your needs. | |
Mar 11 at 20:30 | comment | added | telcoM | Exactly how is your task defined? Which is the actual primary goal? Is there a specific, finite list of tasks a restricted user should be able to do, or is this more about establishing a fully general centralized control and auditing? Are you already using file/directory permissions, audit subsystem and AppArmor to the maximum reasonable extent? Why not? You might want to write a new question, as there are a lot of possible solutions, depending on various details. Fixating on TACACS+ was a bit of an XY problem. | |
Mar 11 at 9:51 | comment | added | Teresa | Thank you for your comprehensive explanation. It appears that there is no support for command authorization in Linux using PAM and TACACS+. Could you kindly suggest an alternative method to accomplish this task, possibly through the utilization of a third-party library or any other means? | |
Mar 11 at 7:47 | history | answered | telcoM | CC BY-SA 4.0 |