I have been using RADIUS and TACACS+ AAA on CentOS 6 and need to duplicate that functionality on CentOS 8. However, the changes to how you now configure NSS confuse me. How do I make changes to nsswitch.conf? Specifically, on CentOS 6, I have been replacing passwd: files
in /etc/nsswitch.conf with passwd: tacplus files
for TACACS+ support and with passwd: mapname files mapuid
for RADIUS support. (I also include corresponding rules to /etc/pam.d/sshd and login.) On CentOS 8, I see a warning in /etc/nsswitch.conf to not modify it. I tried what it says:
# If you want to make changes to nsswitch.conf please modify
# /etc/authselect/user-nsswitch.conf and run 'authselect apply-changes'.
But that doesn't change nsswitch.conf.