pam: T5577: Improved PAM configs for RADIUS and TACACS+ - vyos-1x.git - VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git)

diff options

author	zsdc <taras@vyos.io>	2023-09-19 21:03:51 +0300
committer	zsdc <taras@vyos.io>	2023-09-19 21:03:51 +0300
commit	784fb7dc2ccc63789ed85d803e3ae41eef0e0253 (patch)
tree	39406e6df65ca07b431ac41605a47ce6c786186f /src/helpers/run-config-migration.py
parent	1c804685d05ad639bcb1a9ebce68a7a14268500f (diff)
download	vyos-1x-784fb7dc2ccc63789ed85d803e3ae41eef0e0253.tar.gz vyos-1x-784fb7dc2ccc63789ed85d803e3ae41eef0e0253.zip

pam: T5577: Improved PAM configs for RADIUS and TACACS+

After sources analysis, we found the next possible return statuses for PAM modules: 1. pam_tacplus Auth: - PAM_AUTH_ERR - PAM_AUTHINFO_UNAVAIL - PAM_AUTHTOK_ERR - PAM_BUF_ERR - PAM_CRED_INSUFFICIENT - PAM_PERM_DENIED - PAM_SUCCESS - PAM_USER_UNKNOWN Account: - PAM_AUTH_ERR - PAM_AUTHINFO_UNAVAIL - PAM_PERM_DENIED - PAM_SUCCESS - PAM_USER_UNKNOWN Session: - PAM_AUTHINFO_UNAVAIL - PAM_SESSION_ERR - PAM_SUCCESS - PAM_USER_UNKNOWN 2. pam_radius_auth Auth: - PAM_ABORT - PAM_AUTH_ERR - PAM_AUTHINFO_UNAVAIL - PAM_AUTHTOK_ERR - PAM_BAD_ITEM - PAM_BUF_ERR - PAM_CONV_AGAIN - PAM_CONV_ERR - PAM_IGNORE - PAM_NO_MODULE_DATA - PAM_PERM_DENIED - PAM_SUCCESS - PAM_SYSTEM_ERR - PAM_USER_UNKNOWN Account: - PAM_SUCCESS Session: - PAM_ABORT - PAM_AUTHINFO_UNAVAIL - PAM_BAD_ITEM - PAM_BUF_ERR - PAM_CONV_AGAIN - PAM_CONV_ERR - PAM_IGNORE - PAM_NO_MODULE_DATA - PAM_PERM_DENIED - PAM_SUCCESS - PAM_SYSTEM_ERR - PAM_USER_UNKNOWN PAM configurations were replaced with tuned versions to take this into account.

Diffstat (limited to 'src/helpers/run-config-migration.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: