2 .\" Copyright (c) 2023 Klara, Inc.
4 .\" SPDX-License-Identifier: BSD-2-Clause
11 .Nd TACACS+ nsswitch module
13 .Ic passwd : files tacplus
17 module is a loadable NSS module which provides a minimal identity
18 service using a TACACS+ backend.
20 Due to the limitations of the TACACS+ protocol, the functionality
23 module is very limited: it can look up a user by name, but not by uid,
24 and it cannot enumerate users.
26 To look up a user, the
28 module submits an authorization request with authentication method
29 .Dv TAC_PLUS_AUTHEN_METH_NOT_SET ,
31 .Dv TAC_PLUS_AUTHEN_TYPE_NOT_SET ,
32 and authentication service
33 .Dv TAC_PLUS_AUTHEN_SVC_LOGIN ,
37 If the response status is either
38 .Dv TAC_PLUS_AUTHOR_STATUS_PASS_ADD
40 .Dv TAC_PLUS_AUTHOR_STATUS_PASS_REPL ,
41 the user is considered to exist and the
47 The following attributes, if included in the response from the TACACS+
48 server, are used to construct the response:
56 Numeric primary group ID.
62 Left blank if not provided.
65 If not provided, the user name is used instead.
76 Case is ignored when matching attribute names.
77 If an attribute is included multiple times, the last value takes
87 module and this manual page were written by
88 .An Dag-Erling Smørgrav Aq Mt des@FreeBSD.org