libnss-tacplus (1.0.4-cl5.1.0u11.1) UNRELEASED; urgency=medium * Improve line buffer for config file from 256 -> 2048 byte -- Christian Breunig Sun, 15 Dec 2024 10:40:40 +0100 libnss-tacplus (1.0.4-cl5.1.0u11) RELEASED; urgency=medium * new build for 5.1.0 from original hash cf2f734609a59da41248ed45e95807998a4a75f3 -- root Fri, 11 Feb 2022 20:25:59 +0000 libnss-tacplus (1.0.4-cl4u1) RELEASED; urgency=medium * First 4.0 release * Implemented the nss group entry points, so sudoers plugin no longer needed -- dev-support Tue, 22 Oct 2019 08:18:08 -0700 libnss-tacplus (1.0.4-cl3u3) RELEASED; urgency=low * Fixed problem with fallback to local authorization when all TACACS servers are down -- dev-support Tue, 21 Aug 2018 16:14:31 -0700 libnss-tacplus (1.0.4-cl3u2) RELEASED; urgency=low * Optimized attempts to connect to server that has previously not responded * Added tacplus_nss.conf man page -- dev-support Fri, 29 Jun 2018 13:43:12 -0700 libnss-tacplus (1.0.4-cl3u1) RELEASED; urgency=low * New: Enabled - added the ability to set the source IP address via the source_ip config variable. -- dev-support Tue, 03 Jul 2018 17:10:17 -0700 libnss-tacplus (1.0.3-cl3u4) RELEASED; urgency=low * Added man, snmp, daemon, nobody, cron, radius users and frr to exclude_users to prevent tacacs lookup on these system accounts. -- dev-support Wed, 14 Feb 2018 14:14:00 -0800 libnss-tacplus (1.0.3-cl3u3) RELEASED; urgency=low * do not log message about acct_all unknown config variable -- dev-support Thu, 28 Sep 2017 14:47:10 -0700 libnss-tacplus (1.0.3-cl3u2) RELEASED; urgency=low * Fixed package remove to clean up plugin entries in nsswitch.conf -- dev-support Fri, 30 Jun 2017 13:34:20 -0700 libnss-tacplus (1.0.3-cl3u1) RELEASED; urgency=low * New Disabled: added user_homedir config variable to allow per-user home directories (unless per-command authorization is enabled) * Closes: CM-16082: configuration files should automatically be reparsed if they change, for long-lived programs and daemons that use NSS. -- dev-support Fri, 12 May 2017 14:51:23 -0700 libnss-tacplus (1.0.2-cl3u1) RELEASED; urgency=low * New Enabled: added vrf config variable, so NSS lookups work for normal ssh use (rather than ssh@mgmt) * Closes: CM-15481: During login, send remote add IP address in AUTH request -- dev-support Tue, 07 Mar 2017 14:54:34 -0800 libnss-tacplus (1.0.1-cl3u3) RELEASED; urgency=low * New Enabled: added config variable "timeout" to limit time attempting to connect to non-responding TACACS server. * New Enabled: added config variable "exclude_users" in /etc/tacplus_nss to avoid looking up "local" user accounts via TACACS servers. This improves overall system performance for local users, and avoids significant delays when a TACACS server is unreachable. * Fixed issues with ordering of multiple servers and secrets in config files. libraries can connect to a TACACS+ server without being tacacs aware. * Improved debugging messages. * Minor corrections to Copyright and licensing -- dev-support Tue, 29 Nov 2016 16:55:16 -0800 libnss-tacplus (1.0.1-cl3eau2) RELEASED; urgency=low * Improve debugging on server connections, and always try all servers in list until successful response, in case different servers have different user databases. * Add min_uid and exclude_users config variables to avoid TACACS+ lookups of local users, for robustness and performance. -- dev-support Fri, 30 Sep 2016 13:56:05 -0700 libnss-tacplus (1.0.1-cl3eau1) RELEASED; urgency=low * Initial version with NSS lookups for tacacs users using mapping Works with modified libpam-tacplus to authenticate TACACS+ users without local passwd entries, mapping them to tacacs0..15 based on TACACS privilege level. -- dev-support Thu, 23 Jun 2016 13:31:01 -0700