Hi all,
I am working on a system which does TACACS+ authentication of users with pam_tacplus and
nss_tacplus libraries
nss_tacplus:
https://github.com/benschumacher/nss_tacplus
pam_tacplus:
https://github.com/kravietz/pam_tacplus
This solution relied on NSCD to be running, since the nss_tacplus only implemented
getpwnam_r . For getpwuid_r etc it relied on the cached entries in nscd. It was working
fine until fedora removed NSCD from glibc in FC36
(
https://fedoraproject.org/wiki/Changes/RemoveNSCD)
The above write up indicates that SSSD could be used to cover all cacheing requirements
that was previously provided by NSCD. However I am unable to configure SSSD for my use
case.
When I tried to link the id_provider as proxy and the proxy_lib_name as tacplus, sssd
fails to come up. If fails with this error:
(2022-12-19 23:32:35): [be[shadowutils]] [sss_load_nss_symbols] (0x0010): Library
'libnss_tacplus.so.2' did not provide mandatory symbol 'getpwuid_r',
error: /lib64/libnss_tacplus.so.2: undefined symbol: _nss_tacplus_getpwuid_r.
Is there any way to use sssd with the above mentioned nss_tacplus library? By this I mean
can sssd be configured to do getpwnam only using the nss_tacplus, at which time it could
cache the passwd details of the user, and use the cache for the other APIs like getpwuid
etc?