[tac_plus] Re: Possible Bug in tacacs+-F4.0.4.10

john heasley heas at shrubbery.net
Fri Dec 1 23:11:41 UTC 2006


Fri, Dec 01, 2006 at 04:03:56PM -0700, Vermilion, Lance:
> John,
> 
> I didn't see anything like that in my local or remote syslog.

it would occur at HUP-time, not start-up.  you really did not get a
message?  and you have 'logging = whatever' in your config (daemon
facility is the default)?

> In regards to the permissions on tac_plus.conf I was thinking of
> something like this.
> 
> if [ -r /etc/tacacs/tac_plus.conf ]
> then 
>   echo "Houston we have touchdown"
> else 
>   echo " Houston we have a PROBLEM"
> fi

That is not sufficient, afaik.  tac_plus has to be started as root so
that it can open port 49; root shouldn't have a problem reading the config
regardless of its mode.

You'd have to create a child process as the tac_plus user and then do
this check.

> I have added it to my tac_plus init file, which is attached if you want
> to redistribute it with the package since there isn't one at the moment.
> That I see.

Someone else creates the linux (and any other o/s) package.
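
Added example (not part of the original message or of the tac_plus distribution): one way an init script running as root could do the readability check from a child process running as the unprivileged account, as described in the reply above. The account name `tac_plus` in the usage comment and the return-code convention are assumptions.

```shell
#!/bin/sh
# Added example. Assumed: the daemon's unprivileged account is "tac_plus";
# the return codes 0/1/2 and the child's exit code 3 are this script's own.

# conf_readable_as USER FILE
#   returns 0  FILE is readable by USER
#           1  FILE is not readable by USER
#           2  the check could not be performed
conf_readable_as() {
    user=$1
    file=$2
    [ -n "$user" ] || return 2
    # Require an absolute path so the name cannot be parsed as an su option.
    case $file in /*) ;; *) return 2 ;; esac

    if [ "$(id -un 2>/dev/null)" = "$user" ]; then
        # Already running as the target account: a direct test is meaningful.
        if [ -r "$file" ]; then return 0; else return 1; fi
    fi

    # Only root can switch accounts without a password prompt.
    [ "$(id -u)" -eq 0 ] || return 2

    # Child shell running as USER; -s overrides a nologin shell.
    # The child exits 3 for "unreadable" so that a failure of su itself
    # (unknown user, PAM refusal) is not mistaken for a permission result.
    rc=0
    su -s /bin/sh "$user" -c 'test -r "$0" && exit 0; exit 3' "$file" \
        </dev/null >/dev/null 2>&1 || rc=$?
    case $rc in
        0) return 0 ;;
        3) return 1 ;;
        *) return 2 ;;
    esac
}

# Usage in an init script (run as root):
#   conf_readable_as tac_plus /etc/tacacs/tac_plus.conf || echo "config check failed"
```

A plain `[ -r file ]` in the root-run init script would report success for a mode 600 root-owned file, which is the case this check is meant to catch.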


