diff options
Diffstat (limited to 'tacplus_nss.conf')
| -rw-r--r-- | tacplus_nss.conf | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/tacplus_nss.conf b/tacplus_nss.conf index bb4eb1e..3c71422 100644 --- a/tacplus_nss.conf +++ b/tacplus_nss.conf @@ -30,7 +30,7 @@ min_uid=1001 # that during pathname completion, bash can do an NSS lookup on "*" # To avoid server round trip delays, or worse, unreachable server delays # on filename completion, we include "*" in the exclusion list. -exclude_users=root,cumulus,quagga,sshd,ntp,* +exclude_users=root,daemon,nobody,cron,radius_user,radius_priv_user,sshd,cumulus,quagga,frr,snmp,www-data,ntp,man,_lldpd,* # The include keyword allows centralizing the tacacs+ server information # including the IP address and shared secret @@ -42,6 +42,12 @@ include=/etc/tacplus_servers #secret=SECRET1 #server=1.1.1.1 +# Sets the IPv4 address used as the source IP address when communicating with +# the TACACS+ server. IPv6 addresses are not supported, nor are hostnames. +# The address must work when passsed to the bind() system call, that is, it must +# be valid for the interface being used. +# source_ip=192.168.1.3 + # The connection timeout for an NSS library should be short, since it is # invoked for many programs and daemons, and a failure is usually not # catastrophic. Not set or set to a negative value disables use of poll(). |