From 52aa2d434ed03f0a386eb3bb6a12cb83b0c005c6 Mon Sep 17 00:00:00 2001 From: Dave Olson Date: Tue, 7 Mar 2017 12:59:42 -0800 Subject: Add support for mgmt vrf When management vrf is enabled and vrf is present in the tacacs config, if we are unable to reach any configured tacacs server, try setting vrf context on the socket. Previously libnss-tacplus worked only with ssh@mgmt, now works with normal ssh in mgmt vrf Setting via the socket (rather than vrf context) is required so we don't set the VRF context for arbitrary processes that do uid or username lookups. --- debian/control | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'debian/control') diff --git a/debian/control b/debian/control index 3d95156..ea65d0b 100644 --- a/debian/control +++ b/debian/control @@ -1,14 +1,17 @@ Source: libnss-tacplus Priority: optional Maintainer: Dave Olson -Build-Depends: debhelper (>= 9), autotools-dev, libtac-dev, libtacplus-map-dev, libaudit-dev, autoconf, libpam-tacplus-dev, dpkg-dev (>= 1.16.1) +Build-Depends: debhelper (>= 9), autotools-dev, libtac-dev (>= 1.4.1~), + libtacplus-map-dev, libaudit-dev, autoconf, libpam-tacplus-dev, + dpkg-dev (>= 1.16.1), git Section: libs Standards-Version: 3.9.6 Homepage: http://www.cumulusnetworks.com Package: libnss-tacplus Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends}, libtac2, libtacplus-map1, libaudit1 +Depends: ${shlibs:Depends}, ${misc:Depends}, libtac2 (>= 1.4.1~), + libtacplus-map1, libaudit1 Description: NSS module for TACACS+ authentication without local passwd entry Performs getpwname and getpwuid lookups via NSS for users logged in via tacacs authentication, and mapping done with libtacplus_map -- cgit v1.2.3