author | Dave Olson <olson@cumulusnetworks.com> | 2017-06-19 14:08:00 -0700 |
---|---|---|
committer | Dave Olson <olson@cumulusnetworks.com> | 2017-06-20 18:29:11 -0700 |
commit | 61257dc81beebcf324027edb712305c376dd2052 (patch) | |
tree | 63d44b2d756e0a5bc68138e6f253c6c6fc295a28 /pam_radius_auth.5 | |
parent | 3a47df99b207d85469d0a3126aacf491ba61c1d4 (diff) | |
Add changes to allow VRF, and mapped users (no local accounts)
Add changes to allow admins to set up RADIUS clients with no local
knowledge of the RADIUS accounts (no adduser required, nor LDAP, etc.)
This is done by using the nss-mapuser package. The only real change
to this package is to set up the SUDO prompt, so it's the RADIUS login
name, in the pam_sm_acct_mgmt entry point.
Bumped the version to 1.4.1
Change the PACKAGE info in configure to reflect Cumulus, and also
a few related fields. Changed maintainer to dev-support
Also incorporated changes to make debugging builds easier under debian.
Added comment and description of src_ip to the config file (author of
the src_ip changes hadn't yet done that), and removed the location of
config file from comments, since debian installs to a different
location.
Quieted config complaints; can't move to current because current is
GPLv3, and this doesn't use autoconf.
Tried to capture the 5 years of changes between 1.3.17 and 1.4.0
Added lintian overrides. Fixed up debian/copyright file to be standard
format, and match (approximately) the source files. overrides don't
quite work, because source vs binary confusion, but documents them
Added debian install files
Added man page for the plugin, and for the RADIUS client config file
Diffstat (limited to 'pam_radius_auth.5')
-rw-r--r-- | pam_radius_auth.5 | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/pam_radius_auth.5 b/pam_radius_auth.5 new file mode 100644 index 0000000..f117166 --- /dev/null +++ b/pam_radius_auth.5 
@@ -0,0 +1,56 @@ +.TH pam_radius_auth 5 +.\" Copyright 2017 Cumulus Networks, Inc. All rights reserved. +.SH NAME +/etc/pam_radius_auth.conf \- RADIUS client configuration file +.SH SYNOPSIS +.B /etc/tacplus_servers +is the RADIUS client configuration file for the PAM RADIUS client plugin. +It contains the information on how to reach the RADIUS server(s), and +because it contains the shared secret key, should be mode 600 and owned +by root. +.SH DESCRIPTION +Other PAM-specific options are described in the +.B pam_radius_auth.8 +manpage, and must be added to the PAM configuration files. +.PP +By default, all components source this file, enabling a single point of +configuration for the TACACS server(s), debug settings, etc. +.PP +Not all keywords use all fields. +.TP +.I debug +Output PAM and RADIUS communication debugging information via syslog(3). +.TP +.I server[:port] secret [timeout] [src_ip] +the port name or number is optional. The default port name is +"radius", and is looked up from +.IR /etc/services . +The timeout field is optional. The default timeout is 3 seconds. +.IP +For IPv6 literal addresses, the address has to be surrounded by +square brackets as usual. E.g. [2001:0db8:85a3::4]. +.IP +If multiple RADIUS server lines exist, they are tried in order. The +first server to return success or failure causes the module to return +success or failure. Only if a server fails to response is it skipped, +and the next server in turn is used. +.IP +The optional timeout field controls how many seconds the module waits before +deciding that the server has failed to respond. It currently must be +less than 60. +.IP +The optional src_ip may be used to configure the source IP address used +in the RADIUS packets to the server. The timeout field must be set if +setting the src_ip is desired +.TP +.I vrf-name VRFNAME +If the management network is in a VRF, set this variable to the VRF name. This +would usually be "mgmt". This is not normally needed with PAM. 
+.SH "SEE ALSO" +.BR pam_radius_auth (8), +.BR mapuser_nss (5) +.SH FILES +.I /etc/pam_radius_auth.conf +- RADIUS client configuration parameters +.SH AUTHOR +Dave Olson <olson@cumulusnetworks.com> |
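Review bot: The SYNOPSIS names `/etc/tacplus_servers` and the DESCRIPTION says the file is the single point of configuration for "the TACACS server(s)", which contradicts the NAME and FILES sections (`/etc/pam_radius_auth.conf`) and the RADIUS purpose of the page; both should read `/etc/pam_radius_auth.conf` and "RADIUS server(s)" so an admin applying the "mode 600 and owned by root" advice protects the file that actually holds the shared secret. The commit message also says Debian installs the config file to a different location, so the hardcoded path in NAME and FILES should be checked against the packaged path. Smaller points in the `server[:port] secret [timeout] [src_ip]` entry: "fails to response" should be "fails to respond", the sentence ending "setting the src_ip is desired" is missing its period, and the timeout text gives an upper bound ("less than 60") but no statement of what happens when the value is out of range.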