Hi all, I am working on a system which does TACACS+ authentication of users with pam_tacplus and nss_tacplus libraries nss_tacplus: https://github.com/benschumacher/nss_tacplus pam_tacplus: https://github.com/kravietz/pam_tacplus
This solution relied on NSCD to be running, since the nss_tacplus only implemented getpwnam_r . For getpwuid_r etc it relied on the cached entries in nscd. It was working fine until fedora removed NSCD from glibc in FC36 (https://fedoraproject.org/wiki/Changes/RemoveNSCD)
The above write up indicates that SSSD could be used to cover all cacheing requirements that was previously provided by NSCD. However I am unable to configure SSSD for my use case.
When I tried to link the id_provider as proxy and the proxy_lib_name as tacplus, sssd fails to come up. If fails with this error:
(2022-12-19 23:32:35): [be[shadowutils]] [sss_load_nss_symbols] (0x0010): Library 'libnss_tacplus.so.2' did not provide mandatory symbol 'getpwuid_r', error: /lib64/libnss_tacplus.so.2: undefined symbol: _nss_tacplus_getpwuid_r.
Is there any way to use sssd with the above mentioned nss_tacplus library? By this I mean can sssd be configured to do getpwnam only using the nss_tacplus, at which time it could cache the passwd details of the user, and use the cache for the other APIs like getpwuid etc?
sssd-users@lists.fedorahosted.org