Support for PAM login (vs cleartext) for TACACS+ authentication in cnMaestro on-Premises

TACACS+ is a free service hosted on Linux. The way that I understand it from the cnMaestro documentation and the interface, cnMaestro is able to use a TACACS+ server for authentication of users to the cnMaestro web application. My hope is to be able to use our existing TACACS+ server with the PAM module to authenticate our LDAP sessions so that we do not have to create all brand new users on the cnMaestro box.

An example of the set up can be seen on the forum post: https://community.cambiumnetworks.com/t5/cnMaestro/Integrating-open-source-TACACS-with-cnMaestro/td-p/82943 .

Only difference between what we are attempting to do and the forum post is to use PAM for login instead of a clear text password as far as I can see.

It definitely functions if I use a cleartext password. 

Thank you for posting this Chris!

If we had support for the PAM module that TACACS+ uses then security would be much higher vs cleartext.

Only thing I would add is that below would be an example how the TACACS+ file might be layed out:

user = genericuser {
   login = PAM
   member = admin
       service = cnmaestro {
         role = super_admin_role
       }
}

-Mateo