From Martin.Bergs at t-systems.com Tue Apr 3 08:02:56 2007
From: Martin.Bergs at t-systems.com (Bergs, Martin)
Date: Tue, 3 Apr 2007 10:02:56 +0200
Subject: [tac_plus] error messages tac-plus
Message-ID: <1E4CCB2441C5C0409AD8A929482A09F302D8349A@S4DE9JSAAIG.ost.t-com.de>

Hi,

we have also Ipanema boxes talking TACACS+ with our server.
Authentication, authorisation and accounting work fine, but there are a
lot of error messages in our syslog server concerning the Ipanema
devices.

Apr 3 09:37:24 dsd-scope tac_plus[958]: Error 192.168.182.24 tty65: Null reply packet, expecting CONTINUE
Apr 3 09:37:24 dsd-scope tac_plus[961]: Error 192.168.182.204 tty65: Null reply packet, expecting CONTINUE
Apr 3 09:37:24 dsd-scope tac_plus[963]: Error 192.168.182.139 tty65: Null reply packet, expecting CONTINUE
Apr 3 09:37:24 dsd-scope tac_plus[964]: Error 192.168.182.45 tty5: Null reply packet, expecting CONTINUE

Do you have an idea what the reason for all these error messages is? How
to stop tac_plus from logging these messages?

Yours Sincerely / Mit freundlichen Gruessen
Martin Bergs

From heas at shrubbery.net Tue Apr 3 22:37:32 2007
From: heas at shrubbery.net (john heasley)
Date: Tue, 3 Apr 2007 22:37:32 +0000
Subject: [tac_plus] Re: error messages tac-plus
In-Reply-To: <1E4CCB2441C5C0409AD8A929482A09F302D8349A@S4DE9JSAAIG.ost.t-com.de>
References: <1E4CCB2441C5C0409AD8A929482A09F302D8349A@S4DE9JSAAIG.ost.t-com.de>
Message-ID: <20070403223732.GP2787@shrubbery.net>

Tue, Apr 03, 2007 at 10:02:56AM +0200, Bergs, Martin:
> Hi,
>
> we have also Ipanema boxes talking TACACS+ with our server.
> Authentication, authorisation and accounting work fine, but there are a
> lot of error messages in our syslog server concerning the Ipanema
> devices.
>
> Apr 3 09:37:24 dsd-scope tac_plus[958]: Error 192.168.182.24 tty65:
> Null reply packet, expecting CONTINUE
> Apr 3 09:37:24 dsd-scope tac_plus[961]: Error 192.168.182.204 tty65:
> Null reply packet, expecting CONTINUE
> Apr 3 09:37:24 dsd-scope tac_plus[963]: Error 192.168.182.139 tty65:
> Null reply packet, expecting CONTINUE
> Apr 3 09:37:24 dsd-scope tac_plus[964]: Error 192.168.182.45 tty5: Null
> reply packet, expecting CONTINUE
>
> Do you have an idea what the reason for all these error messages is? How
> to stop tac_plus from logging these messages?

This occurs when a device connects, authentication begins, then the
device disconnects or the tacacs session times out. This is a bug in
the device. Some recent Cisco IOSs have acquired a similar bug, but I've
not yet tracked its precise behavior for a bug report.

> Yours Sincerely / Mit freundlichen Gruessen
> Martin Bergs
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus

From nneul at umr.edu Sun Apr 15 01:19:14 2007
From: nneul at umr.edu (Nathan Neulinger)
Date: Sat, 14 Apr 2007 20:19:14 -0500
Subject: [tac_plus] finally got around to upgrading tac_plus from an older release
Message-ID: <20070415011912.GA23762@umr.edu>

Figured I'd send you this local patch I've been maintaining for a while.
It basically adds support for:

1. External authentication process, passes user= and passwd= similar to
   authorization scripts.
2. Adds support for a "msg=" AV pair to set the message that is sent to
   the NAS.
3. Allows defining a global default login secret/pw.

-- Nathan

------------------------------------------------------------
Nathan Neulinger EMail: nneul at umr.edu
University of Missouri - Rolla Phone: (573) 341-6679
UMR Information Technology Fax: (573) 341-4216
-------------- next part --------------
diff -ur tacacs+-F4.0.4.14-orig/config.c tacacs+-F4.0.4.14/config.c --- tacacs+-F4.0.4.14-orig/config.c 2006-12-13 10:42:56.000000000 -0600 +++ tacacs+-F4.0.4.14/config.c 2007-04-14 19:02:56.000000000 -0500 @@ -66,6 +66,7 @@ cleartext | des | PAM | + external | nopassword := name = | @@ -1090,6 +1091,7 @@ case S_file: case S_cleartext: case S_des: + case S_external: sprintf(buf, "%s ", sym_buf); sym_get(); strcat(buf, sym_buf); @@ -1104,7 +1106,7 @@ #ifdef HAVE_PAM "'PAM', " #endif - "or 'des' keyword after 'login =' on line %d", + "'external', or 'des' keyword after 'login =' on line %d", sym_line); } sym_get(); diff -ur tacacs+-F4.0.4.14-orig/do_author.c tacacs+-F4.0.4.14/do_author.c --- tacacs+-F4.0.4.14-orig/do_author.c 2006-12-13 10:42:56.000000000 -0600 +++ tacacs+-F4.0.4.14/do_author.c 2007-04-14 18:58:57.000000000 -0500 @@ -178,7 +178,8 @@ { int status; char **out_args; - int out_cnt, i; + char *value; + int out_cnt, i, j; char *cmd; char error_str[255]; int error_len = 255; 
@@ -201,6 +202,24 @@ status = call_pre_process(cmd, data, &out_args, &out_cnt, error_str, error_len); + /* Copy and remove msg= from returned output pairs */ + for(i=0; i < out_cnt; i++) { + value = tac_find_substring("msg=", out_args[i]); + if ( value ) + { + if ( data->msg ) { free(data->msg); } + data->msg=tac_strdup(value); + report(LOG_DEBUG, "Message returned from cmd: %s", value); + free(out_args[i]); /* just added */ + for ( j=i; jmsg ) { free(data->msg); } + data->msg=tac_strdup(value); + report(LOG_DEBUG, "Message returned from cmd: %s", value); + free(out_args[i]); /* just added */ + for ( j=i; j statement * has been issued, attempt to use this password file */ @@ -199,6 +216,21 @@ return(data->status == TAC_PLUS_AUTHEN_STATUS_PASS); } + p = tac_find_substring("external ", cfg_passwd); + if (p) { + /* try to verify this external password */ + if (!external_verify_password(name,passwd,data,p)) { + data->status = TAC_PLUS_AUTHEN_STATUS_FAIL; + return (0); + } else { + data->status = TAC_PLUS_AUTHEN_STATUS_PASS; + } + + exp_date = cfg_get_expires(name, recurse); + set_expiration_status(exp_date, data); + return (data->status == TAC_PLUS_AUTHEN_STATUS_PASS); + } + p = tac_find_substring("file ", cfg_passwd); if (p) { return(passwd_file_verify(name, passwd, data, p)); 
@@ -615,3 +647,83 @@ return(0); } #endif + +/* + * verify a provided password using an external routine + * external routine returns 0 if correct, 1 if incorrect + * routine interface similar to that of before/after authorization + * subroutine returns 1 if verified, 0 otherwise. + */ + +int +external_verify_password(char *user, char *passwd, struct authen_data *data, char *cmd) +{ + int status; + char *value; + char **out_args; + char *in_args[2]; + int out_cnt, i, j; + + data->status = TAC_PLUS_AUTHEN_STATUS_FAIL; + + if (debug & DEBUG_PASSWD_FLAG) + report(LOG_DEBUG, "verify %s for %s using %s", + passwd, user, cmd); + + if (passwd == NULL || + *passwd == '\0' || + user == NULL || + *user == '\0' || + cmd == NULL || + *cmd == '\0') { + if (debug & DEBUG_PASSWD_FLAG) + report(LOG_DEBUG, "verify returns 0 - something was NULL"); + return (0); + } + + /* Allocate memory for 'user=USERID' and 'passwd=PASSWD' */ + in_args[0] = (char *) malloc( strlen(user)+strlen("user=")+1 ); + in_args[1] = (char *) malloc( strlen(passwd)+strlen("passwd=")+1 ); + sprintf(in_args[0], "user=%s", user); + sprintf(in_args[1], "passwd=%s", passwd); + + status = call_external_auth_process(cmd, &in_args, 2, + &out_args, &out_cnt); + + free(in_args[0]); + free(in_args[1]); + + /* throw away out_args, but keep message */ + for(i=0; i < out_cnt; i++) { + value = tac_find_substring("msg=", out_args[i]); + if ( value ) + { + if ( data->server_msg ) { free(data->server_msg); } + data->server_msg=tac_strdup(value); + } + free(out_args[i]); + } + free(out_args); + + switch (status) { + default: + if (debug & DEBUG_PASSWD_FLAG) + report(LOG_DEBUG, "cmd %s returns %d (unrecognised value)", + cmd, status); + return(0); + + case 0: /* Permit - Password Correct*/ + if (debug & DEBUG_PASSWD_FLAG) + report(LOG_DEBUG, "cmd %s returns 0 (passwd correct)", cmd); + data->status = TAC_PLUS_AUTHEN_STATUS_PASS; + return(1); + + case 1: /* Deny - Password Incorrect*/ + if (debug & DEBUG_PASSWD_FLAG) + 
report(LOG_DEBUG, "cmd %s returns 1 (passwd incorrect)", cmd); + return(0); + } + + return (0); +} + diff -ur tacacs+-F4.0.4.14-orig/users_guide tacacs+-F4.0.4.14/users_guide --- tacacs+-F4.0.4.14-orig/users_guide 2006-11-24 21:43:29.000000000 -0600 +++ tacacs+-F4.0.4.14/users_guide 2007-04-14 20:07:40.000000000 -0500 @@ -373,7 +373,7 @@ daemon to the NAS. This is a security issue if the TACACS+ key is ever compromised. -There are 4 ways to authenticate a user for login. +There are 5 ways to authenticate a user for login. 1). You can include a DES (or cleartext) password for a user or for a group that s/he is a member of, viz: @@ -445,6 +445,31 @@ login = PAM } +5). Authentication using external routines. + +You can have authentication performed by an external routine - such as to +do a lookup in a database, etc. The userid and password are passed to the +routine using argument/value pairs similar to the before and after +authorization routines. For example, if the userid were "joe" and the +password given were "abc123", the process would receive: + +user=joe +passwd=abc123 + +To enable external authentication, use as follows: + + user = fred { + login = external /path/to/external/authenticator + } + +The external routine should return and exit success code of 0 if the +userid and password are correct, 1 otherwise. The routine can also, +optionally, return a "msg=some string" to change the message that is +displayed to the user. This message will be displayed regardless of +whether the authentication is successful or not. + +This method of authentication is particularly useful with the DEFAULT +user. RECURSIVE PASSWORD LOOKUPS --------------------------- 
@@ -1063,6 +1088,12 @@ when specifying AV pairs, there should be no spaces surrounding the "=" sign when using the programmatic interface. +NOTE: Regardless of the return code, both the before and after +authorization routines will detect a "msg=" AV pair, and if present +will display the given message on the NAS. This can be used to indicate +to the user why the authorization failed, or just to give positive +feedback, or to warn to be careful for privileged commands. + CALLING SCRIPTS BEFORE AUTHORIZATION ------------------------------------ From heas at shrubbery.net Wed Apr 25 15:35:03 2007 
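Review bot: In the do_author.c hunk at @@ -201,6 +202,24 @@, the new msg= loop walks out_args up to out_cnt directly after call_pre_process() returns, before status is examined. Unless call_pre_process() initialises both outputs on every error path, either check status first or set out_cnt = 0 and out_args = NULL before the call. The msg= value is also copied into data->msg with no length or character check, although it comes from the script's output and is shown on the NAS; consider bounding its length and dropping control characters before storing it.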
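Review bot: In the passwd.c hunk at @@ -199,6 +216,21 @@, the if/else around external_verify_password() stores TAC_PLUS_AUTHEN_STATUS_FAIL or TAC_PLUS_AUTHEN_STATUS_PASS in data->status a second time, although the helper already sets data->status on every return path (FAIL at entry, PASS in case 0). The branch can be reduced to "if (!external_verify_password(name, passwd, data, p)) return (0);" followed by the expiry handling, which keeps a single place where the status is decided.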
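Review bot: In the passwd.c hunk at @@ -615,3 +647,83 @@, the first debug call in external_verify_password(), report(LOG_DEBUG, "verify %s for %s using %s", passwd, user, cmd), writes the cleartext password to the log whenever DEBUG_PASSWD_FLAG is set, and it runs before the NULL checks on passwd, user and cmd, so a NULL argument can reach a %s conversion. Move the call below the NULL/empty check and log only user and cmd. Smaller points in the same function: the two malloc() results are handed to sprintf() without a NULL check; call_external_auth_process() is given &in_args, whose type is char *(*)[2], so if the callee expects char ** it should receive in_args; and j is declared but not used in the visible body.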
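Review bot: The new section 5 in the users_guide hunk at @@ -445,6 +445,31 @@ does not say how user= and passwd= reach the external routine (standard input or the argument list). An authenticator author needs that to write the routine, and it determines whether the password can appear in a process listing, so the mechanism should be stated explicitly. The text should also say that any exit code other than 0 is treated as a failure, as the default branch in external_verify_password() does, and "should return and exit success code of 0" should read "should return an exit code of 0".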
From: heas at shrubbery.net (john heasley)
Date: Wed, 25 Apr 2007 15:35:03 +0000
Subject: [tac_plus] Re: Bug in current tac_plus
In-Reply-To:
References:
Message-ID: <20070425153503.GA9069@shrubbery.net>

Fri, Mar 02, 2007 at 02:38:30PM +0100, Josef Voggesser:
> Hi folks,
>
> a few weeks ago I found your project with the acl-enhancement on the cisco
> tacacs server.
> Testing your server for my needs I noticed a little bug in the current
> version.
>
>
> Logging to syslog doesn't continuously work with the configured
> logging="local6"
> in my tacacs.cfg - file.
>
> A debug on syslog (see attachment) showed:
> - after having read tacacs.cfg the loglevel changes to local6 --> correct
> - after "backgrounded" the loglevel changes to "daemon.debug" or
> "daemon.info" --> incorrect
>
> I asked our student Timo Vanoni to examine this malfunction and - being a
> clever boy - he found the bug.
>
> In the attachment you can see his changes on three files.
> I think this could also help other users.

Thanks for the bug fix!

> One question or maybe suggest for improvement:
> As I use two separate log files for tac_plus, I don't need user related
> log messages in syslog.
> Daemon related log messages are still welcome.
> Is it possible to keep user related log messages away from syslog?

There is no separation and no way to exclude messages at the moment.
Perhaps the messages you see should be reduced to debug-only messages?

> Greetings from Stuttgart, Germany!

Greetings from Portland Oregon! Missed Stuttgart's Benz museum when I
visited last; I'll have to visit again.