diff options
| -rw-r--r-- | nss_tacplus.c | 7 | ||||
| -rw-r--r-- | tacplus_nss.conf | 10 |
2 files changed, 17 insertions, 0 deletions
diff --git a/nss_tacplus.c b/nss_tacplus.c index 0119343..cdc2c47 100644 --- a/nss_tacplus.c +++ b/nss_tacplus.c @@ -103,6 +103,13 @@ static int nss_tacplus_config(int *errnop, const char *cfile, int top) } else if(!strncmp(lbuf, "debug=", 6)) debug = strtoul(lbuf+6, NULL, 0); + else if (!strncmp (lbuf, "timeout=", 8)) { + tac_timeout = (int)strtoul(lbuf+8, NULL, 0); + if (tac_timeout < 0) /* explict neg values disable poll() use */ + tac_timeout = 0; + else /* poll() only used if timeout is explictly set */ + tac_readtimeout_enable = 1; + } /* * This next group is here to prevent a warning in the * final "else" case. We don't need them, but if there diff --git a/tacplus_nss.conf b/tacplus_nss.conf index f5c5f33..50d639b 100644 --- a/tacplus_nss.conf +++ b/tacplus_nss.conf @@ -39,6 +39,16 @@ exclude_users=root,cumulus,quagga,ntp # including the IP address and shared secret include=/etc/tacplus_servers +# The connection timeout for an NSS library should be short, since it is +# invoked for many programs and daemons, and a failure is usually not +# catastrophic. Not set or set to a negative value disables use of poll(). +# This follows the include of tacplus_servers, so it can override any +# timeout value set in that file. +# It's important to have this set in this file, even if the same value +# as in tacplus_servers, since tacplus_servers should not be readable +# by users other than root. +timeout=5 + # The server IP address can be optionally followed by a ':' and a port # number (server=1.1.1.1:49). #secret=SECRET1 |