Copyright (c) 2023 Klara, Inc.
SPDX-License-Identifier: BSD-2-Clause
.Dd June 13, 2023 .Dt NSS_TACPLUS 8 .Os .Sh NAME .Nm nss_tacplus .Nd TACACS+ nsswitch module .Sh SYNOPSIS c passwd : files tacplus .Sh DESCRIPTION The .Nm module is a loadable NSS module which provides a minimal identity service using a TACACS+ backend.
p Due to the limitations of the TACACS+ protocol, the functionality provided by the .Nm module is very limited: it can look up a user by name, but not by uid, and it cannot enumerate users.
p To look up a user, the .Nm module submits an authorization request with authentication method .Dv TAC_PLUS_AUTHEN_METH_NOT_SET , authentication type .Dv TAC_PLUS_AUTHEN_TYPE_NOT_SET , and authentication service .Dv TAC_PLUS_AUTHEN_SVC_LOGIN , for the .Dq shell service. If the response status is either .Dv TAC_PLUS_AUTHOR_STATUS_PASS_ADD or .Dv TAC_PLUS_AUTHOR_STATUS_PASS_REPL , the user is considered to exist and the .Nm module fills out a .Vt struct passwd for it.
p The following attributes, if included in the response from the TACACS+ server, are used to construct the response: l -tag -width GECOS t Va UID Numeric user ID. Must be between 0 and .Dv UID_MAX . Defaults to 65534. t Va GID Numeric primary group ID. Must be between 0 and .Dv GID_MAX . Defaults to 65534. t Va CLASS Login class. Left blank if not provided. t Va GECOS Display name. If not provided, the user name is used instead. t Va HOME Home directory. Defaults to
a / . t Va SHELL Shell. Defaults to
p Case is ignored when matching attribute names. If an attribute is included multiple times, the last value takes effect. .Sh SEE ALSO .Xr libtacplus 3 , .Xr tacplus.conf 5 , .Xr pam_tacplus 8 .Sh HISTORY .An -nosplit The .Nm module and this manual page were written by .An Dag-Erling Sm��rgrav Aq Mt des@FreeBSD.org for Klara Systems.