summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-12-08If a timeout is configured by PAM, make sure we set theBen Schumacher
tac_readtimeout_enable to a non-zero value to get TACACS+ timeouts to work as expected.
2014-11-27too many RELROsPawel Krawczyk
2014-11-26give up AX_ macros as they don't work on older autoconf, usePawel Krawczyk p.krawczyk@kainos.com
a more conservative method instead
2014-11-26Merge branch 'master' of github.com:jeroennijhof/pam_tacplusPawel Krawczyk
2014-11-26check for PAM devel librariesPawel Krawczyk
2014-11-26close rfdPawel Krawczyk
2014-11-26rewrite the PRNG logic to use urandom on srand() only and then returnPawel Krawczyk
random() on subsequent calls
2014-11-26add -WallPawel Krawczyk
2014-11-21Merge pull request #21 from gollub/fix/reduce_log_leveljeroennijhof
Reduce loglevel for non-critical author messages
2014-11-20Reduce loglevel for non-critical author messagesDaniel Gollub
Messages like "Args cnt %d", "Adding buf/value pair (%s,%s)" should not flood syslog as warning.
2014-10-14add Jeroen as primary author and list others from GitHub1.3.9Pawel Krawczyk
2014-10-14bump version to 1.3.9, mostly due to file descriptor leak fixPawel Krawczyk
2014-10-14Merge pull request #18 from pwdng/masterPaweł Krawczyk
Close /dev/urandom to fix open file handler leak.
2014-10-14Close /dev/urandom to fix open file handler leak.pwdng
2014-10-10Merge pull request #17 from gollub/feature/client_connect_source_address_v4Paweł Krawczyk
Add source addr parameter for tac_connect_single
2014-10-10Add source addr parameter for tac_connect_singleDaniel Gollub
This allows to specify from which source address/interface the TACACS+ client connection gets initiated. Bump SO-versioning due to API change.
2014-10-08Merge pull request #16 from gollub/fix/debian_build_for_ax_check_compile_flagPaweł Krawczyk
Fix/debian build for ax check compile flag
2014-10-08Whitespace fixDaniel Gollub
2014-10-08Fix Debian build failing on AX_CHECK_COMPILE_FLAGDaniel Gollub
2014-10-02C compiler hardening optionsPawel Krawczyk
Add checks for C compiler hardening options (stack protector etc) and use them if available.
2014-10-02Fix always true conditionPawel Krawczyk
The condition was checking tac_prompt which is a static array, so it will always return some address. Now checking the value of the first element of the array, which can be zero on non-zero.
2014-09-18Merge pull request #14 from gollub/fix_debian_packagingPaweł Krawczyk
Fix Debian packaging due to README markdown rename
2014-09-18Merge pull request #13 from gollub/shared_libtacPaweł Krawczyk
[RFC] Build and install libtac as shared library
2014-09-18Merge pull request #15 from grwlf/masterPaweł Krawczyk
allow authorization without protocol defined
2014-09-18allow authorization without protocol definedSergey Mironov
Protocol is only required for certain subset of services, mainly for ppp. We allow authorization with empty protocol if user wants to use other service names, like 'ssh' From the http://tools.ietf.org/html/draft-grant-tacacs-02 page 30: The protocol attribute is intended for use with PPP. When service equals "ppp" and protocol equals "lcp", the message describes the PPP link layer service. For other values of protocol, this describes a PPP NCP (network layer service). A single PPP session can support multiple NCPs
2014-09-05Fix include directory in pkg-config fileDaniel Gollub
All headers are stored in the libtac sub-directory.
2014-08-28Introduce pkg-config file for libtacDaniel Gollub
2014-08-28debian: Introduce shahred library packaging libtacDaniel Gollub
2014-08-28Fix Debian packaging due to README markdown renameDaniel Gollub
Regression introduced with ea841487
2014-08-27Build and install libtac as shared libraryDaniel Gollub
Additional install public headers for libtac shared library. SO-Versioning is initially set to 0:0:0.
2014-04-22Added macro dir and fix readme issueJeroen Nijhof
2014-04-22Added install instructionjeroennijhof
2014-04-22Markup extentionJeroen Nijhof
2014-04-22Use markup for READMEJeroen Nijhof
2014-04-22Merge pull request #8 from walterdejong/masterjeroennijhof
Thanks guys! But the pam_sm_authenticate() function was indeed looping over the tac_plus servers for authentication. The problem is when a tac_plus server is not working correctly you will be denied during authentication but I agree we need to find a better solution for that issue.
2014-04-18Merge pull request #10 from jeroennijhof/hotfix_9jeroennijhof
Fix issue with automake 1.9
2014-04-16Fix issue with automake 1.9Jeroen Nijhof
2014-02-19cleanup redundant codeWalter de Jong
2014-02-19bugfix: do not try other server when AUTHEN_STATUS_FAILWalter de Jong
The loop would continue to try other servers even when a server has indicated that the authentication failed (wrong password!!) Also, try talk the protocol as much as possible. The PAM status is AUTHINFO_UNAVAIL unless a tacacs server has responded with PASS (-> PAM status SUCCESS) or FAIL (-> PAM status ERR)
2014-02-19delete extraneous whitespaceWalter de Jong
2014-02-19Merge branch 'master' of github.com:walterdejong/pam_tacplusWalter de Jong
2014-02-19run libtoolize tooWalter de Jong
2014-02-17Added postinst and prerm for pam-auth-updateJeroen Nijhof
2014-01-31Added automake subdir-objects option1.3.8Jeroen Nijhof
2013-12-20Fixed mismatch between compat and debhelper versionJeroen Nijhof
2013-12-17Release version 1.3.8Jeroen Nijhof
2013-07-01A lot of cleanups and improvements by Walter de JongJeroen Nijhof
2013-06-06run libtoolize tooWalter de Jong
2013-04-28active_server can not be a pointer, data lost after authentication.Jeroen Nijhof
2013-04-28/dev/urandom improvements, thanks Walter. Fixed active_server checkJeroen Nijhof
generated by cgit v1.2.3 (git 2.39.1) at 2025-03-12 16:18:17 +0000