blob: 6b205924abaca1dcf617697354405647543b383f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
libnss-tacplus (1.0.3-1) unstable; urgency=low
* Added config variable "timeout" to limit time attempting to
connect to non-responding TACACS server.
* Added config variable "exclude_users" in /etc/tacplus_nss
to avoid looking up "local" user accounts via TACACS servers. This
improves overall system performance for local users, and avoids significant
delays when a TACACS server is unreachable.
* Fixed issues with ordering of multiple servers and secrets in config files.
libraries can connect to a TACACS+ server without being tacacs aware.
* Improved debugging messages.
* Minor corrections to Copyright and licensing
* Added vrf config variable, so NSS lookups work correctly$
* During login, send remote add IP address in AUTH request
* Configuration files should automatically be reparsed
if they change, for long-lived programs and daemons that use NSS.
* Added user_homedir config variable to allow per-user
home directories (unless per-command authorization is enabled)
-- Dave Olson <olson@cumulusnetworks.com> Thu, 23 Mar 2017 22:40:01 -0800
libnss-tacplus (1.0.2-1) unstable; urgency=low
* Improve debugging on server connections, and always try all
servers in list until successful response, in case different
servers have different user databases.
* Add min_uid and exclude_users config variables to avoid TACACS+
lookups of local users, for robustness and performance.
-- Dave Olson <olson@cumulusnetworks.com> Thu, 06 Oct 2016 14:13:43 -0700
libnss-tacplus (1.0.1-1) unstable; urgency=low
* Initial version with NSS lookups for tacacs users using mapping
Works with modified libpam-tacplus to authenticate TACACS+ users
without local passwd entries, mapping them to tacacs0..15 based on
TACACS privilege level.
-- Dave Olson <olson@cumulusnetworks.com> Thu, 23 Jun 2016 13:31:01 -0700
|
