[tac_plus] Re: Possible Bug in tacacs+-F4.0.4.10

Vermilion, Lance Lance.Vermilion at bestwestern.com
Fri Dec 1 23:50:10 UTC 2006


John, 

Comments inline.

Lance Vermilion
Communications System Engineer
Best Western International, Inc. | The World's Largest Hotel Chain(r)
20400 N. 29th Avenue
Phoenix, Arizona 85027

--Contact Info--
Office:  623.780.6637
Mobile: 602.354.6365
eMail:   lance.vermilion at bestwestern.com

-----Original Message-----
From: john heasley [mailto:heas at shrubbery.net] 
Sent: Friday, December 01, 2006 4:12 PM
To: Vermilion, Lance
Cc: tac_plus at shrubbery.net
Subject: Re: [tac_plus] Possible Bug in tacacs+-F4.0.4.10

Fri, Dec 01, 2006 at 04:03:56PM -0700, Vermilion, Lance:
> John,
> 
> I didn't see anything like that in my local syslog local or remote
> syslog.

it would occur at HUP-time, not start-up.  you really did not get a
message?  and you have 'logging = whatever' in your config (daemon
facility is the default)?
[Vermilion, Lance] 
My logging was default. But my syslog.conf didn't' have anything for
daemon. :(

> In regards to the permissions on tac_plus.conf I was thinking of
> something like this.
> 
> if [ -r /etc/tacacs/tac_plus.conf ]
> then 
>   echo "Houston we have touchdown"
> else 
>   echo " Houston we have a PROBLEM"
> fi

That is not sufficient, afaik.  tac_plus has to be started as root so
that it can open port 49; root shouldn't have problem reading the config
regardless of it's mode.

You'd have to create a child process as the tac_plus user and then do
this check.

> I have added it to my tac_plus init file, which is attached if you
want
> to redistribute it with the package since there isn't one at the
moment.
> That I see.

Someone else creates the linux (and any other o/s) package.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Vermilion, Lance.vcf
Type: text/x-vcard
Size: 275 bytes
Desc: Vermilion, Lance.vcf
Url : http://www.shrubbery.net/pipermail/tac_plus/attachments/20061201/ea41de67/attachment.vcf 



More information about the tac_plus mailing list