diff options
| author | Dave Olson <olson@cumulusnetworks.com> | 2017-03-23 22:42:24 -0700 |
|---|---|---|
| committer | Dave Olson <olson@cumulusnetworks.com> | 2017-05-23 17:05:52 -0700 |
| commit | 9b056a2a66ec7006d86121509ef1049c7f6f0725 (patch) | |
| tree | 7064198f039e24912c0fa573c12174861eb476b3 /debian | |
| parent | 1e79d33bc397c0a9f30512a624ce51153e981f89 (diff) | |
| download | libnss-tacplus-9b056a2a66ec7006d86121509ef1049c7f6f0725.tar.gz libnss-tacplus-9b056a2a66ec7006d86121509ef1049c7f6f0725.zip | |
Support using and returning per-tacacs user homedir
Get setting from map on whether login was set up to use per-tacacs
user homedir, rather than the homedir from the local tacacsN users.
The mkhomedir_helper program is used in pam_tacplus to create home
directory (like pam_mkhomedir.so) when user homedir is requested, but
the home directory does not exist.
The config file setting in this code is not used when using map and the user
is found in map; we then use the setting from the map.
When mapping doesn't exist, then use our own config setting.
user_homedirs is ignored if shell is a restricted shell (as set up by
tacplus-restrict) because we need to honor the per-command
authorization setup in that case.
Updated changelog
Also fixed up the spelling of dev-support
Diffstat (limited to 'debian')
| -rw-r--r-- | debian/changelog | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/debian/changelog b/debian/changelog index cf33b24..6b20592 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,7 @@ libnss-tacplus (1.0.3-1) unstable; urgency=low - * added config variable "timeout" to limit time attempting to - * added config variable "exclude_users" in /etc/tacplus_nss + * Added config variable "timeout" to limit time attempting to + connect to non-responding TACACS server. + * Added config variable "exclude_users" in /etc/tacplus_nss to avoid looking up "local" user accounts via TACACS servers. This improves overall system performance for local users, and avoids significant delays when a TACACS server is unreachable. @@ -10,11 +11,12 @@ libnss-tacplus (1.0.3-1) unstable; urgency=low * Minor corrections to Copyright and licensing * Added vrf config variable, so NSS lookups work correctly$ * During login, send remote add IP address in AUTH request - connect to non-responding TACACS server. - * configuration files should automatically be reparsed + * Configuration files should automatically be reparsed if they change, for long-lived programs and daemons that use NSS. + * Added user_homedir config variable to allow per-user + home directories (unless per-command authorization is enabled) - -- Dave Olson <olson@cumulusnetworks.com> Tue, 07 Mar 2017 12:58:03 -0800 + -- Dave Olson <olson@cumulusnetworks.com> Thu, 23 Mar 2017 22:40:01 -0800 libnss-tacplus (1.0.2-1) unstable; urgency=low |