tac_plus-ng: add PAM demo config sample

MarcJHuber · Oct 17, 2024 · 7a10fdc · 7a10fdc
1 parent 684d826
commit 7a10fdc
Showing 1 changed file with 25 additions and 0 deletions.
diff --git a/tac_plus-ng/sample/tac_plus-ng-pam-demo.cfg b/tac_plus-ng/sample/tac_plus-ng-pam-demo.cfg
@@ -0,0 +1,25 @@
+#!/usr/local/bin/tactrace.pl --conf
+#
+# Sample config file for tac_plus-ng with pammavis or pammavis-mt backend.
+#
+# chmod 755 it and run it for seeing tactrace.pl output.
+#
+
+id = spawnd {
+	background = no
+	single process = yes
+	listen { port = 4949 }
+}
+
+id = tac_plus-ng {
+	# single--threaded backend, 
+	mavis module demo = external { exec = /usr/local/sbin/pammavis pammavis -s sshd }
+	# Or, using the multi-threaded backend:
+	# mavis module demo-mt  = external-mt { exec = /usr/local/sbin/pammavis-mt pammavis-mt -s sshd }
+	user backend = mavis	# retrieve user data from backend
+	login backend = mavis	# use backend for user login authentication
+	pap password = login	# map pap password to login password
+	device world { address = 0.0.0.0/0 key = demo }
+	profile demo { script {if (service == shell) { if (cmd == "") set priv-lvl = 15 permit } } }
+	ruleset { rule demo-rule { script { profile = demo permit } } }
+}