[tac_plus] Re: Possible Bug in tacacs+-F4.0.4.10

Vermilion, Lance Lance.Vermilion at bestwestern.com
Fri Dec 1 23:03:56 UTC 2006


John,

I didn't see anything like that in my local syslog local or remote
syslog.

In regards to the permissions on tac_plus.conf I was thinking of
something like this.

if [ -r /etc/tacacs/tac_plus.conf ]
then 
  echo "Houston we have touchdown"
else 
  echo " Houston we have a PROBLEM"
fi

I have added it to my tac_plus init file, which is attached if you want
to redistribute it with the package since there isn't one at the moment.
That I see.

Lance Vermilion
Communications System Engineer
Best Western International, Inc. | The World's Largest Hotel Chain(r)
20400 N. 29th Avenue
Phoenix, Arizona 85027

--Contact Info--
Office:  623.780.6637
Mobile: 602.354.6365
eMail:   lance.vermilion at bestwestern.com

-----Original Message-----
From: john heasley [mailto:heas at shrubbery.net] 
Sent: Friday, December 01, 2006 3:44 PM
To: Vermilion, Lance
Cc: tac_plus at shrubbery.net
Subject: Re: [tac_plus] Possible Bug in tacacs+-F4.0.4.10

Fri, Dec 01, 2006 at 03:22:38PM -0700, Vermilion, Lance:
> John,
> 
> You are a life saver. Thank you. I didn't think to look at that. That
> fixed me. Is there a way to add a check like that in the code? Make
sure
> the user has perms to that file and if not error on it?

You should have seen two log messages in your syslog; like this:

    if ((cf = fopen(cfile, "r")) == NULL) {
        report(LOG_ERR, "read_config: fopen() error for file %s %s,
exiting",
               cfile, strerror(errno));
        return(1);
    }

and another "failure" msg from the signal handler (which technically is
not async safe, but ...).

or do you mean checking the access during initial configuration parsing?

I suppose that the daemon really does not need to exit if it can't read
the config, but that seems the path of least suprise ["hey, why is that
user still active" - some months after it was removed].
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Vermilion, Lance.vcf
Type: text/x-vcard
Size: 275 bytes
Desc: Vermilion, Lance.vcf
Url : http://www.shrubbery.net/pipermail/tac_plus/attachments/20061201/5f2ca505/attachment.vcf 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: tac_plus.init.txt
Url: http://www.shrubbery.net/pipermail/tac_plus/attachments/20061201/5f2ca505/attachment.txt 



More information about the tac_plus mailing list