| Age | Commit message (Collapse) | Author |
|---|
|
|
|
This is done to handle the case where nss_tacplus.so is included in
a long-lived daemon. It's desirable to have long-lived daemons reflect
changes to the configuration, both to enable/disable debugging, and
particularly if the server list or key changes. Clear all read config
variables to defaults when re-parsing.
This is complicated by nested configuration files via the include
directive. At top level, we need to check all the previously used
configuration files to see if any have changed.
This also adds a limitation to no more than 8 deep include nesting. In
practice, > 2 is going to be very rare, so it should be OK.
Log a message when we re-initialize (without using debug qualifier).
|
|
|
|
|
|
|
|
size_t is only an int on 32 bit ARM, so %ld gives an error. Add a cast.
|
|
Initial version with NSS lookups for tacacs users using mapping
Works with modified libpam-tacplus to authenticate TACACS+ users
without local passwd entries, mapping them to tacacs0..15 based on
TACACS privilege level.
When the /etc/tacplus_servers tacacs config file is mode 600 (normally
the case since it has the server "secret" key), lookups will only work
for tacacs users that are logged in, via the local mapping. For root,
getpwnam lookups will work for any TACACS user known to the servers.
Most syslog's enabled only if debug is set in the config file.
|
|
Initial version with NSS lookups for tacacs users using mapping
Works with modified libpam-tacplus to authenticate TACACS+ users
without local passwd entries, mapping them to tacacs0..15 based on
TACACS privilege level.
When the /etc/tacplus_servers tacacs config file is mode 600 (normally
the case since it has the server "secret" key), lookups will only work
for tacacs users that are logged in, via the local mapping. For root,
getpwnam lookups will work for any TACACS user known to the servers.
Most syslog's enabled only if debug is set in the config file.
|
