| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Add custom systemd udev rules to exclude some regular and dynamic
interfaces from "systemd-sysctl" calls.
It fixes high CPU utilization (100%) as we have a lot of calls per
interface for dynamic interfaces like ppp|ipoe|sstp etc.
/lib/systemd/systemd-udevd should not be called for those interfaces
|
|
T5577: Optimized PAM configs for RADIUS/TACACS+
|
|
In CLI we can choose authentication logic:
- `mandatory` - if TACACS+ answered with `REJECT`, authentication must be
stopped and access denied immediately.
- `optional` (default) - if TACACS+ answers with `REJECT`, authentication
continues using the next module.
In `mandatory` mode authentication will be stopped only if TACACS+ clearly
answered that access should be denied (no user in TACACS+ database, wrong
password, etc.). If TACACS+ is not available or other errors happen, it will be
skipped and authentication will continue with the next module, like in
`optional` mode.
|
|
In CLI we can choose authentication logic:
- `mandatory` - if RADIUS answered with `Access-Reject`, authentication must
be stopped and access denied immediately.
- `optional` (default) - if RADIUS answers with `Access-Reject`,
authentication continues using the next module.
In `mandatory` mode authentication will be stopped only if RADIUS clearly
answered that access should be denied (no user in RADIUS database, wrong
password, etc.). If RADIUS is not available or other errors happen, it will be
skipped and authentication will continue with the next module, like in
`optional` mode.
|
|
|
|
There are two hooks called for bridge, ethernet and bond interfaces if the
link-state changes up -> down or down -> up.
The helpers are:
* /etc/netplug/linkdown.d/dhclient
* /etc/netplug/linkup.d/dhclient
As those helpers use Linux actions to start/restart the dhclient process in
Perl it's time to rewrite it. First goal is to get rid of all Perl code and the
second is that we now have a Proper Python library. Instead of checking if the
process is running the then restarting it without even systemd noticing
(yeah we might get two processes beeing alive) we should:
* Add a Python helper that can be used for both up and down (see man 8 netplugd
FILES section)
* Query the VyOS CLI config if the interface in question has DHCP(v6)
configured and is not disabled
* Add IPv6 DHCPv6 support
MAN page: https://linux.die.net/man/8/netplugd
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Debian Bullseye ships an upstream version of lcdproc.service which infact will
start LCDd instead of the lcdproc client.
Divert the Debian Upstream service file and use the ones provided by vyos-1x.
|
