Age | Commit message | Author |
|
|
|
When management vrf is enabled and vrf is present in the tacacs config,
if we are unable to reach any configured tacacs server, try setting
vrf context on the socket.
Previously libnss-tacplus worked only with ssh@mgmt; now it works with normal
ssh in mgmt vrf.
Setting via the socket (rather than vrf context) is required so we don't
set the VRF context for arbitrary processes that do uid or username
lookups.
|
|
size_t is only an int on 32 bit ARM, so %ld gives an error. Add a cast.
|
|
Initial version with NSS lookups for tacacs users using mapping
Works with modified libpam-tacplus to authenticate TACACS+ users
without local passwd entries, mapping them to tacacs0..15 based on
TACACS privilege level.
When the /etc/tacplus_servers tacacs config file is mode 600 (normally
the case since it has the server "secret" key), lookups will only work
for tacacs users that are logged in, via the local mapping. For root,
getpwnam lookups will work for any TACACS user known to the servers.
Most syslogs are enabled only if debug is set in the config file.
|