[tac_plus] Patch for better pam_tally support
Chris Recker
crecker at viawest.net
Wed Sep 5 16:20:19 UTC 2007
I have a patch for better pam_tally support. It calls the
pam_acct_mgmt to reset the failed logins after a successful login. I
also added a return of Signon successful which I have a few RANCID
scripts looking for.
--- pwlib.c 2006-12-13 09:42:57.000000000 -0700
+++ ../../tacacs+-F4.0.4.14/pwlib.c 2007-08-29 10:07:34.733845000
-0600
@@ -71,8 +71,9 @@
report(LOG_DEBUG, "Password has not expired %s",
exp_date ? exp_date : "<no expiry date set>");
data->status = TAC_PLUS_AUTHEN_STATUS_PASS;
+ data->server_msg = tac_strdup("Signon successful.");
return;
case PW_EXPIRING:
if (debug & DEBUG_PASSWD_FLAG)
@@ -590,8 +591,9 @@
}
switch((err = pam_authenticate(pamh, PAM_SILENT))) {
case PAM_SUCCESS:
+ pam_acct_mgmt(pamh, PAM_SILENT);
pam_end(pamh, err);
if (debug & DEBUG_PASSWD_FLAG)
report(LOG_DEBUG, "pam_verify returns 1");
return(1);
Chris Recker
Network Engineer
ViaWest, Inc.
Office: 303.874.5227
Fax: 303.885.4999
www.viawest.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20070905/26403ac1/attachment.html
More information about the tac_plus
mailing list