author: Dave Olson <olson@cumulusnetworks.com> 2016-06-23 13:39:25 -0700
committer: Dave Olson <olson@cumulusnetworks.com> 2016-06-28 15:45:47 -0700
commit: ab9634da79286d2f04f40011331f2feee208e513
tree: 362d6273d27fea44671edf2aab38e0b2b3d27cda /debian/libnss-tacplus.postinst
Provide getpwnam_r entry point to lookup mapped TACACS+ users
Initial version with NSS lookups for tacacs users using mapping.

Works with modified libpam-tacplus to authenticate TACACS+ users without local passwd entries, mapping them to tacacs0..15 based on TACACS privilege level.

When the /etc/tacplus_servers tacacs config file is mode 600 (normally the case since it has the server "secret" key), lookups will only work for tacacs users that are logged in, via the local mapping. For root, getpwnam lookups will work for any TACACS user known to the servers.

Most syslogs enabled only if debug is set in the config file.
Diffstat (limited to 'debian/libnss-tacplus.postinst')
-rw-r--r-- debian/libnss-tacplus.postinst 32
1 files changed, 32 insertions, 0 deletions
diff --git a/debian/libnss-tacplus.postinst b/debian/libnss-tacplus.postinst
new file mode 100644
index 0000000..9541608
--- /dev/null
+++ b/debian/libnss-tacplus.postinst
@@ -0,0 +1,32 @@
+#!/bin/sh
+# postinst script for libnss-tacplus
+#
+# see: dh_installdeb(1)
+
+set -e
+
+case "$1" in
+ configure)
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# Add tacplus to /etc/nsswitch.conf, since it's necessary
+# for this package, and won't break anything else. Do nothing
+# if tacplus is already present in the passwd line
+if [ -e "/etc/nsswitch.conf" ]; then
+ sed -i -e '/tacplus/b' \
+ -e '/^passwd/s/compat/tacplus &/' /etc/nsswitch.conf
+fi
+
+
+#DEBHELPER#
+
+exit 0
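Review bot: The nsswitch.conf edit near the end of the script sits after `esac`, outside the `configure)` branch, so it also runs when postinst is called with abort-upgrade, abort-remove or abort-deconfigure; moving the `if [ -e "/etc/nsswitch.conf" ]` block inside `configure)` keeps the error-unwind paths from touching system configuration. The substitution `/^passwd/s/compat/tacplus &/` only matches when the passwd line contains the word `compat`, so on a system whose passwd line names a different source (for example one that lists only `files`) the script exits 0 without enabling the module and without reporting it; a check after the sed that warns on stderr when no passwd line contains tacplus would make that failure visible. The replacement `tacplus &` also places the TACACS+ source ahead of the local one in lookup order, which is worth a comment in the script explaining why it has to come first, since the existing comment only says the change "won't break anything else".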