[tac_plus] Re: Possible Bug in tacacs+-F4.0.4.10
Vermilion, Lance
Lance.Vermilion at bestwestern.com
Fri Dec 1 23:03:56 UTC 2006
John,
I didn't see anything like that in my local syslog local or remote
syslog.
In regards to the permissions on tac_plus.conf I was thinking of
something like this.
if [ -r /etc/tacacs/tac_plus.conf ]
then
echo "Houston we have touchdown"
else
echo " Houston we have a PROBLEM"
fi
I have added it to my tac_plus init file, which is attached if you want
to redistribute it with the package since there isn't one at the moment.
That I see.
Lance Vermilion
Communications System Engineer
Best Western International, Inc. | The World's Largest Hotel Chain(r)
20400 N. 29th Avenue
Phoenix, Arizona 85027
--Contact Info--
Office: 623.780.6637
Mobile: 602.354.6365
eMail: lance.vermilion at bestwestern.com
-----Original Message-----
From: john heasley [mailto:heas at shrubbery.net]
Sent: Friday, December 01, 2006 3:44 PM
To: Vermilion, Lance
Cc: tac_plus at shrubbery.net
Subject: Re: [tac_plus] Possible Bug in tacacs+-F4.0.4.10
Fri, Dec 01, 2006 at 03:22:38PM -0700, Vermilion, Lance:
> John,
>
> You are a life saver. Thank you. I didn't think to look at that. That
> fixed me. Is there a way to add a check like that in the code? Make
sure
> the user has perms to that file and if not error on it?
You should have seen two log messages in your syslog; like this:
if ((cf = fopen(cfile, "r")) == NULL) {
report(LOG_ERR, "read_config: fopen() error for file %s %s,
exiting",
cfile, strerror(errno));
return(1);
}
and another "failure" msg from the signal handler (which technically is
not async safe, but ...).
or do you mean checking the access during initial configuration parsing?
I suppose that the daemon really does not need to exit if it can't read
the config, but that seems the path of least suprise ["hey, why is that
user still active" - some months after it was removed].
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Vermilion, Lance.vcf
Type: text/x-vcard
Size: 275 bytes
Desc: Vermilion, Lance.vcf
Url : http://www.shrubbery.net/pipermail/tac_plus/attachments/20061201/5f2ca505/attachment.vcf
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: tac_plus.init.txt
Url: http://www.shrubbery.net/pipermail/tac_plus/attachments/20061201/5f2ca505/attachment.txt
More information about the tac_plus
mailing list