Age | Commit message | Author | |
---|---|---|---|
2015-06-19 | remove obsolete comment about PAM_DISALLOW_NULL_AUTHTOK | Paweł Krawczyk | |
2014-10-10 | Add source addr parameter for tac_connect_single | Daniel Gollub | |
This allows specifying from which source address/interface the TACACS+ client connection gets initiated. Bump SO-versioning due to API change. | |||
2014-09-18 | allow authorization without protocol defined | Sergey Mironov | |
Protocol is only required for a certain subset of services, mainly for ppp. We allow authorization with empty protocol if user wants to use other service names, like 'ssh'. From the http://tools.ietf.org/html/draft-grant-tacacs-02 page 30: The protocol attribute is intended for use with PPP. When service equals "ppp" and protocol equals "lcp", the message describes the PPP link layer service. For other values of protocol, this describes a PPP NCP (network layer service). A single PPP session can support multiple NCPs | |||
2014-02-19 | cleanup redundant code | Walter de Jong | |
2014-02-19 | bugfix: do not try other server when AUTHEN_STATUS_FAIL | Walter de Jong | |
The loop would continue to try other servers even when a server has indicated that the authentication failed (wrong password!!) Also, try to talk the protocol as much as possible. The PAM status is AUTHINFO_UNAVAIL unless a tacacs server has responded with PASS (-> PAM status SUCCESS) or FAIL (-> PAM status ERR) | |||
2014-02-19 | delete extraneous whitespace | Walter de Jong | |
2013-04-28 | active_server can not be a pointer, data lost after authentication. | Jeroen Nijhof | |
2013-04-28 | /dev/urandom improvements, thanks Walter. Fixed active_server check | Jeroen Nijhof | |
2013-03-29 | removed double xcalloc() function; do not leak memory for these small buffers; added safe xstrcpy() | Walter de Jong | |
2013-03-28 | fixes various memory leaks, really | Walter de Jong | |
2013-03-28 | server is a struct { address, key } | Walter de Jong | |
2013-03-28 | more stuff belongs in headers | Walter de Jong | |
2013-03-28 | stuff belongs in an include file | Walter de Jong | |
2013-03-28 | remove unnecessary ifdef __platform__ constructions | Walter de Jong | |
2013-03-27 | #defines are not short integers | Walter de Jong | |
2012-09-16 | Rearrange header file include for libtac | Jeroen Nijhof | |
2012-09-08 | Bumped version to 1.3.8 and renamed rem_addr to r_addr | Jeroen Nijhof | |
2012-07-25 | Fixed connection handling in _pam_account, thanks James Allwright | Jeroen Nijhof | |
2012-07-25 | tac_encryption fully handled by libtac | Jeroen Nijhof | |
2012-06-08 | Moved debug message after active_server validation | Jeroen Nijhof | |
2012-03-18 | Changed e-mail and improved accounting | Jeroen Nijhof | |
2011-08-20 | Added _pam_get_rhost() and _pam_get_user() | Jeroen | |
2011-08-19 | Finally got rid of all goto illness! | Jeroen | |
2011-08-19 | Major contribution by Darren Besler | Jeroen | |
2011-04-25 | Removed encrypt option, just check if there is a secret (key). | Jeroen | |
Removed first_hit option because you can get the same behaviour by using only one server. Added multiple secret support, you can now specify different secrets (keys) for different servers. connect.c: improved connection error handling by using getpeername() to check if connection is still valid. This was needed since we are using non-blocking sockets. Properly handle multiple servers when authenticating, patch from Gregg Nemas, thanks! | |||
2010-12-22 | Initial commit | Jeroen Nijhof | |