diff options
| author | zsdc <taras@vyos.io> | 2023-09-13 13:16:20 +0300 |
|---|---|---|
| committer | zsdc <taras@vyos.io> | 2023-09-13 21:02:32 +0300 |
| commit | 1c804685d05ad639bcb1a9ebce68a7a14268500f (patch) | |
| tree | b42c8e4ec1e0fa06699966ff6b72ba8b9f3415dd /debian/vyos-1x.preinst | |
| parent | 5181ab60bb6d936505967d6667adc12c5ecb9b64 (diff) | |
| download | vyos-1x-1c804685d05ad639bcb1a9ebce68a7a14268500f.tar.gz vyos-1x-1c804685d05ad639bcb1a9ebce68a7a14268500f.zip | |
TACACS: T5577: Added `mandatory` and `optional` modes for TACACS+
In CLI we can choose authentication logic:
- `mandatory` - if TACACS+ answered with `REJECT`, authentication must be
stopped and access denied immediately.
- `optional` (default) - if TACACS+ answers with `REJECT`, authentication
continues using the next module.
In `mandatory` mode authentication will be stopped only if TACACS+ clearly
answered that access should be denied (no user in TACACS+ database, wrong
password, etc.). If TACACS+ is not available or other errors happen, it will be
skipped and authentication will continue with the next module, like in
`optional` mode.
Diffstat (limited to 'debian/vyos-1x.preinst')
| -rw-r--r-- | debian/vyos-1x.preinst | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/debian/vyos-1x.preinst b/debian/vyos-1x.preinst index 75fa5e7f1..861c5ec88 100644 --- a/debian/vyos-1x.preinst +++ b/debian/vyos-1x.preinst @@ -2,7 +2,6 @@ dpkg-divert --package vyos-1x --add --no-rename /etc/securetty dpkg-divert --package vyos-1x --add --no-rename /etc/security/capability.conf dpkg-divert --package vyos-1x --add --no-rename /lib/systemd/system/lcdproc.service dpkg-divert --package vyos-1x --add --no-rename /etc/logrotate.d/conntrackd -dpkg-divert --package vyos-1x --add --no-rename /usr/share/pam-configs/tacplus dpkg-divert --package vyos-1x --add --no-rename /etc/rsyslog.conf dpkg-divert --package vyos-1x --add --no-rename /etc/skel/.bashrc dpkg-divert --package vyos-1x --add --no-rename /etc/skel/.profile |