From a8740bec7979f1060ab6759808e9f02dce184e46 Mon Sep 17 00:00:00 2001 From: Dave Olson Date: Mon, 26 Feb 2018 09:52:09 -0800 Subject: Fixed exclude_users to work, added more users, alway skip tacacs[0-9]* Ticket: CM-19886 Reviewed By: nobody Testing Done: Somehow exclude_users wasn't implemented (or got deleted somewhere along the line). Make list match tacplus_client, except exclude our own mapped users by matching config items, and also skip any user starting with tacacs[0-9] inline instead of listing all 16 in exclude_users field in config file. Implemened for mapped_priv_user too, since that work is ongoing. Listed change in debian/changelog If debug is set to 2 or higher, print that the name lookup was skipped due to exclusion. --- nss_mapuser.5 | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'nss_mapuser.5') diff --git a/nss_mapuser.5 b/nss_mapuser.5 index 2bbabad..3e17aec 100644 --- a/nss_mapuser.5 +++ b/nss_mapuser.5 @@ -18,7 +18,13 @@ Output lookup debugging information via syslog(3). Usernames (accounts) comma separate list. This is used by mapname NSS plugin getpwuid() entry point. The account to be looked up is checked against this list. If a match is found, an immediate NOTFOUND status is returned. This reduces overhead for the standard -local user accounts. +local user accounts. The +.I mapped_user +and +.I mapped_priv_user +fields from the +configuration file are always skipped, as are any names starting with +.BR tacacs[0-9] . .TP .I mapped_user=NAME This is the local account which mapping uses as a template. It must be a local -- cgit v1.2.3