From jmartin at gsihosting.com Mon Aug 4 19:56:06 2008 From: jmartin at gsihosting.com (Martin, Jeremy) Date: Mon, 4 Aug 2008 14:56:06 -0500 Subject: [tac_plus] enable passwords Message-ID: <776B0EFB0B27534BA6886267666DED370336EFCD@GSIATCEXCH01.GSI.CORP> Hi, We got logins working, authenticating against /etc/passwd with this line in the config: login = file /etc/passwd However users could not enable once logged in. Tried this extra line: enable = file /etc/passwd but tac_plus fails to authenticate enabling against /etc/passwd ... Are there are plans on letting enable passwords authenticate against /etc/passwd too? One of the examples on the website showed this: enable = file /etc/tac_enable_pwd However I can't find any documentation on the format of that file. Do you have any details of what I need to put in that file, just username:DES-password or what is the syntax exactly? It's also a bit of a pain to have to run tac_pwd because it prompts for user input, not terribly scriptable but I can get around that. Thanks! Jeremy -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20080804/646de712/attachment.html From dan.schmidt at uplinkdata.com Mon Aug 4 20:38:28 2008 From: dan.schmidt at uplinkdata.com (Schmidt, Daniel) Date: Mon, 4 Aug 2008 14:38:28 -0600 Subject: [tac_plus] Re: enable passwords In-Reply-To: <776B0EFB0B27534BA6886267666DED370336EFCD@GSIATCEXCH01.GSI.CORP> References: <776B0EFB0B27534BA6886267666DED370336EFCD@GSIATCEXCH01.GSI.CORP> Message-ID: <05CC562AFB5A9446A1BC3F66AD04A3BC3A1F8F@che-exch-003.uplinkdata.com> You need the tac_plus password patch. I'm not exactly sure why this never made it into the latest version. diff -ruN tacacs+-F4.0.4.15/pwlib.c tacacs+-F4.0.4.15.new/pwlib.c --- tacacs+-F4.0.4.15/pwlib.c 2007-12-13 20:18:39.000000000 +0100 +++ tacacs+-F4.0.4.15.new/pwlib.c 2008-04-22 11:05:11.000000000 +0200 @@ -206,7 +206,7 @@ /* Oops. No idea what kind of password this is. This should never * happen as the parser should never create such passwords. */ - report(LOG_ERR, "%s: Error cannot identify password type %s for %s", + report(LOG_ERR, "%s: Error cannot identify password type '%s' for '%s'", session.peer, cfg_passwd && cfg_passwd[0] ? cfg_passwd : "", name ? name : ""); @@ -260,10 +260,22 @@ return(data->status == TAC_PLUS_AUTHEN_STATUS_PASS); } + p = tac_find_substring("file ", cfg_passwd); + if (p) { + if (!passwd_file_verify(name, passwd, data, p)) { + data->status = TAC_PLUS_AUTHEN_STATUS_FAIL; + return(0); + } else { + data->status = TAC_PLUS_AUTHEN_STATUS_PASS; + } + + return(data->status == TAC_PLUS_AUTHEN_STATUS_PASS); + } + /* Oops. No idea what kind of password this is. This should never * happen as the parser should never create such passwords. */ - report(LOG_ERR, "%s: Error cannot identify password type %s for %s", + report(LOG_ERR, "%s: Error cannot identify password type '%s' for '%s'", session.peer, cfg_passwd && cfg_passwd[0] ? cfg_passwd : "", name ? name : ""); -----Original Message----- From: tac_plus-bounces at shrubbery.net [mailto:tac_plus-bounces at shrubbery.net] On Behalf Of Martin, Jeremy Sent: Monday, August 04, 2008 1:56 PM To: tac_plus at shrubbery.net Subject: [tac_plus] enable passwords Importance: High Hi, We got logins working, authenticating against /etc/passwd with this line in the config: login = file /etc/passwd However users could not enable once logged in. Tried this extra line: enable = file /etc/passwd but tac_plus fails to authenticate enabling against /etc/passwd ... Are there are plans on letting enable passwords authenticate against /etc/passwd too? One of the examples on the website showed this: enable = file /etc/tac_enable_pwd However I can't find any documentation on the format of that file. Do you have any details of what I need to put in that file, just username:DES-password or what is the syntax exactly? It's also a bit of a pain to have to run tac_pwd because it prompts for user input, not terribly scriptable but I can get around that. Thanks! Jeremy -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20080804/646de71 2/attachment.html _______________________________________________ tac_plus mailing list tac_plus at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus -------------- next part -------------- A non-text attachment was scrubbed... Name: tac_enab_new.patch Type: application/octet-stream Size: 1523 bytes Desc: tac_enab_new.patch Url : http://www.shrubbery.net/pipermail/tac_plus/attachments/20080804/20b1f24b/attachment.obj From tacplus at gheek.net Fri Aug 15 22:45:08 2008 From: tacplus at gheek.net (Lance Vermilion) Date: Fri, 15 Aug 2008 15:45:08 -0700 Subject: [tac_plus] Tacplus and pam using linux Message-ID: <8423e7bb0808151545s6c728785y4f302d1eb026833d@mail.gmail.com> Hello, I can not seem to get PAM and tac_plus to play together. Can anyone offer me a sample config for both PAM and tacacs.conf? TIA Lance -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20080815/c82d39d0/attachment.html From Kyle.Rizzo at ci.ft-wayne.in.us Mon Aug 18 20:09:15 2008 From: Kyle.Rizzo at ci.ft-wayne.in.us (Kyle Rizzo) Date: Mon, 18 Aug 2008 16:09:15 -0400 Subject: [tac_plus] Minimum hardware requirements for tac_plus? Message-ID: I wanted to know what the minimum hardware requirements would be to run tac_plus? All I found in the FAQ was talking about memory. I don't know if it is meaning RAM or swap space since it asks about memory but the last word of the answer is swap. Q). What are the memory recommendations for TACACS+? A). Unless you're using passwd style files, TACACS+ holds entries in hash tables in memory. The overhead is modest e.g. each user entry occupies 72 bytes, plus space for strings like username and password etc. Access time should thus be pretty constant regardless of number of users. On a sparc 2, a config file containing 2000 users requires about 0.5M of swap. Thank you, Kyle Rizzo -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20080818/67cd8ca2/attachment.html From aaronsca at gmail.com Mon Aug 18 21:59:53 2008 From: aaronsca at gmail.com (Aaron Scarisbrick) Date: Mon, 18 Aug 2008 15:59:53 -0600 Subject: [tac_plus] FreeBSD & PAM Message-ID: Greetings, I'm writing to ask that a blurb be placed in the tac_plus users_guide, faq or man page so that others may not suffer the same excruciating debug session to discover why PAM and tac_plus didn't work together the way I thought they should: Be aware that when the tac_plus daemon runs as a non-root user (as is the default in FreeBSD /usr/ports), it will not be able to authenticate using the pam_unix.so module. This is because the system function getpwnam() called by pam_unix.so requires root privileges to retrieve the password to validate from the /etc/master.passwd or /etc/shadow file. The symptom will be that for each authentiction that is attempted, the password will appear to be wrong whether it was typed correctly or not. The maddening bit was that by default, PAM debug messages are suppressed in tac_plus via the PAM_SILENT flag passed to pam_authenticate() in the pwlib.c source file. This was compounded by FreeBSD also hard coding that all libpam debug messages be disabled as well. Once those hurdles were cleared, the cuplable system function was identified. After inserting some additional debug statements, it was obvious what the problem was. Too obvious as it turned out. I should have known better. Cheers, Aaron M. Scarisbrick -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20080818/fc08d679/attachment.html From heas at shrubbery.net Tue Aug 19 02:09:25 2008 From: heas at shrubbery.net (john heasley) Date: Mon, 18 Aug 2008 19:09:25 -0700 Subject: [tac_plus] Re: FreeBSD & PAM In-Reply-To: References: Message-ID: <20080819020925.GK761@shrubbery.net> Mon, Aug 18, 2008 at 03:59:53PM -0600, Aaron Scarisbrick: > Greetings, > > I'm writing to ask that a blurb be placed in the tac_plus users_guide, faq > or man page so that others may not suffer the same excruciating debug > session to discover why PAM and tac_plus didn't work together the way I > thought they should: > > Be aware that when the tac_plus daemon runs as a non-root user (as is the > default in FreeBSD /usr/ports), it will not be able to authenticate using > the pam_unix.so module. This is because the system function getpwnam() > called by pam_unix.so requires root privileges to retrieve the password to > validate from the /etc/master.passwd or /etc/shadow file. The symptom will > be that for each authentiction that is attempted, the password will appear > to be wrong whether it was typed correctly or not. > > The maddening bit was that by default, PAM debug messages are suppressed in > tac_plus via the PAM_SILENT flag passed to pam_authenticate() in the pwlib.c > source file. This was compounded by FreeBSD also hard coding that all libpam > debug messages be disabled as well. Once those hurdles were cleared, the > cuplable system function was identified. After inserting some additional > debug statements, it was obvious what the problem was. Too obvious as it > turned out. I should have known better. should tacacs not set PAM_SILENT? When I added PAM, IIRC, I thought that PAM_SILENT prevented PAM from sending messages to tacacs; ie: crap it doesnt care about. Perhaps you've tried it. > Cheers, > > Aaron M. Scarisbrick > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20080818/fc08d679/attachment.html > _______________________________________________ > tac_plus mailing list > tac_plus at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus From weweiss at mindspring.com Tue Aug 19 15:23:39 2008 From: weweiss at mindspring.com (Walt Weiss) Date: Tue, 19 Aug 2008 11:23:39 -0400 (GMT-04:00) Subject: [tac_plus] Enable Passwords Message-ID: <31207034.1219159419297.JavaMail.root@elwamui-mouette.atl.sa.earthlink.net> Hi; I have tried to implement per user enable passwords but it doesn't seem to work and I didn't find anything in the example configs. here is what I tried to do. user = rstrickl { member = admin login = file /etc/passwd enable = cleartext "test" } What else is necessary? Do I have to define the $ENABLE15$ user or something? I have the latest version from the website tacacs+-F4.0.4.15. I have looked through the user guide and searched online but it doesn't seem to work. Thanks Walt Weiss From embeddedlinuxguy at gmail.com Wed Aug 20 00:51:13 2008 From: embeddedlinuxguy at gmail.com (Jesse Zbikowski) Date: Tue, 19 Aug 2008 17:51:13 -0700 Subject: [tac_plus] Patch: allow escaped double quotes in shared secret Message-ID: <683785120808191751j52eab892ib373e0029dd55e1b@mail.gmail.com> Hello, I experienced a problem because I use a mix of special characters in my tac_plus.conf key. I always put the key in double-quotes to protect against spaces and comment characters (#). However the parser does not accept an escaped double quote (\") inside a double-quoted key, although it works fine outside quotes. Here is my one-line patch to F4.0.4.15. --- config.c.orig 2008-08-13 12:56:08.000000000 -0700 +++ config.c 2008-08-13 13:52:58.000000000 -0700 @@ -1515,6 +1515,7 @@ /* fall through */ case '"': + case '\\': if (!sym_buf_add(sym_ch)) { sym_code = S_unknown; rch(); From heas at shrubbery.net Wed Aug 20 05:02:49 2008 From: heas at shrubbery.net (john heasley) Date: Tue, 19 Aug 2008 22:02:49 -0700 Subject: [tac_plus] Re: Patch: allow escaped double quotes in shared secret In-Reply-To: <683785120808191751j52eab892ib373e0029dd55e1b@mail.gmail.com> References: <683785120808191751j52eab892ib373e0029dd55e1b@mail.gmail.com> Message-ID: <20080820050249.GE564@shrubbery.net> Tue, Aug 19, 2008 at 05:51:13PM -0700, Jesse Zbikowski: > Hello, > > I experienced a problem because I use a mix of special characters in > my tac_plus.conf key. I always put the key in double-quotes to > protect against spaces and comment characters (#). However the parser > does not accept an escaped double quote (\") inside a double-quoted > key, although it works fine outside quotes. Here is my one-line patch > to F4.0.4.15. did you mean an esacaped backslash? > --- config.c.orig 2008-08-13 12:56:08.000000000 -0700 > +++ config.c 2008-08-13 13:52:58.000000000 -0700 > @@ -1515,6 +1515,7 @@ > > /* fall through */ > case '"': > + case '\\': > if (!sym_buf_add(sym_ch)) { > sym_code = S_unknown; > rch(); > _______________________________________________ > tac_plus mailing list > tac_plus at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus From heas at shrubbery.net Wed Aug 20 05:12:46 2008 From: heas at shrubbery.net (john heasley) Date: Tue, 19 Aug 2008 22:12:46 -0700 Subject: [tac_plus] Re: Enable Passwords In-Reply-To: <31207034.1219159419297.JavaMail.root@elwamui-mouette.atl.sa.earthlink.net> References: <31207034.1219159419297.JavaMail.root@elwamui-mouette.atl.sa.earthlink.net> Message-ID: <20080820051246.GF564@shrubbery.net> Tue, Aug 19, 2008 at 11:23:39AM -0400, Walt Weiss: > Hi; > I have tried to implement per user enable passwords but it doesn't seem to work and I didn't find anything in the example configs. > > here is what I tried to do. > > user = rstrickl { > member = admin > login = file /etc/passwd > enable = cleartext "test" > } > > > What else is necessary? Do I have to define the $ENABLE15$ user or something? I have the latest version from the website tacacs+-F4.0.4.15. I have looked through the user guide and searched online but it doesn't seem to work. > works for me. i think you should double check the config on your router (is it using this server) and so forth. From embeddedlinuxguy at gmail.com Thu Aug 21 00:24:54 2008 From: embeddedlinuxguy at gmail.com (Jesse Zbikowski) Date: Wed, 20 Aug 2008 17:24:54 -0700 Subject: [tac_plus] Re: Patch: allow escaped double quotes in shared secret In-Reply-To: <20080820050249.GE564@shrubbery.net> References: <683785120808191751j52eab892ib373e0029dd55e1b@mail.gmail.com> <20080820050249.GE564@shrubbery.net> Message-ID: <683785120808201724t6482fbd9ya968fd9f19f0f48e@mail.gmail.com> On Tue, Aug 19, 2008 at 10:02 PM, john heasley wrote: > did you mean an esacaped backslash? Correct, that's what I meant; escaped quotes already work. From ck at teknikmejeriet.se Fri Aug 22 11:09:54 2008 From: ck at teknikmejeriet.se (Christian Karlsson) Date: Fri, 22 Aug 2008 13:09:54 +0200 Subject: [tac_plus] ACL - Deny users access to specific hosts Message-ID: <48AE9E82.5090001@teknikmejeriet.se> Hello I want to be able to specify what cisco routers a user can connect to. I want him to be able to connect to router 192.168.1.1 but not the 192.168.1.5 router. Quote from guide: "The ACL is applied to the source address that the device used to connect to the tac_plus daemon. On most routers, this can be explicitly set. For example, on a cisco router:" Like i understood the ACL it changes where i can telnet from not to? Is it possible to deny access to a cisco from tacacs_plus or other way(Still tacacs enabled cisco) If not, is there a possibility that this function will be added in the future? /Christian From heas at shrubbery.net Wed Aug 27 05:06:03 2008 From: heas at shrubbery.net (john heasley) Date: Wed, 27 Aug 2008 05:06:03 +0000 Subject: [tac_plus] Re: ACL - Deny users access to specific hosts In-Reply-To: <48AE9E82.5090001@teknikmejeriet.se> References: <48AE9E82.5090001@teknikmejeriet.se> Message-ID: <20080827050603.GM7941@shrubbery.net> Fri, Aug 22, 2008 at 01:09:54PM +0200, Christian Karlsson: > Hello > > I want to be able to specify what cisco routers a user can connect to. > I want him to be able to connect to router 192.168.1.1 but not the > 192.168.1.5 router. > > Quote from guide: > "The ACL is applied to the source address that the device used to > connect to the tac_plus daemon. On most routers, this can be explicitly > set. For example, on a cisco router:" > > Like i understood the ACL it changes where i can telnet from not to? the address considered is the address of the tacacs daemon's client, ie: the router. > Is it possible to deny access to a cisco from tacacs_plus or other > way(Still tacacs enabled cisco) > If not, is there a possibility that this function will be added in the > future? > > /Christian > _______________________________________________ > tac_plus mailing list > tac_plus at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus From abdelrahman.ghazal at hotmail.com Wed Aug 27 09:55:13 2008 From: abdelrahman.ghazal at hotmail.com (Abdelrahman Ghazal) Date: Wed, 27 Aug 2008 09:55:13 +0000 Subject: [tac_plus] tacacs+-F4.0.4.15 on Debian 4.0 Message-ID: Hi, I am trying to install tacacs on debian 4.0 and when i try to enable the support for skey i get an error. please check the steps i followed below /usr/src/tacacs+-F4.0.4.15# ./configure --with-skey=/usr --with-libwrap=/usr --with-pidfile=/etc/tac_plus.pidchecking for a BSD-compatible install... /usr/bin/install -cchecking whether build environment is sane... yeschecking for gawk... nochecking for mawk... mawkchecking whether make sets $(MAKE)... yeschecking whether to enable maintainer-specific portions of Makefiles... nochecking build system type... i686-pc-linux-gnuchecking host system type... i686-pc-linux-gnuchecking for gmake... nochecking for make... /usr/bin/makechecking whether /usr/bin/make sets $(MAKE)... yeschecking whether to enable maintainer-specific portions of Makefiles... nochecking for gcc... gccchecking for C compiler default output file name... a.outchecking whether the C compiler works... yeschecking whether we are cross compiling... nochecking for suffix of executables... checking for suffix of object files... ochecking whether we are using the GNU C compiler... yeschecking whether gcc accepts -g... yeschecking for gcc option to accept ISO C89... none neededchecking for style of include used by /usr/bin/make... GNUchecking dependency style of gcc... gcc3checking for function prototypes... yeschecking how to run the C preprocessor... gcc -Echecking for grep that handles long lines and -e... /bin/grepchecking for egrep... /bin/grep -Echecking for ANSI C header files... yeschecking for sys/types.h... yeschecking for sys/stat.h... yeschecking for stdlib.h... yeschecking for string.h... yeschecking for memory.h... yeschecking for strings.h... yeschecking for inttypes.h... yeschecking for stdint.h... yeschecking for unistd.h... yeschecking for string.h... (cached) yeschecking how to run the C preprocessor... gcc -Echecking for an ANSI C-conforming const... yeschecking for inline... inlinechecking for preprocessor stringizing operator... yeschecking for a BSD-compatible install... /usr/bin/install -cchecking for ranlib... ranlibchecking whether to include symbols... nochecking whether to set gcc warnings... nochecking whether to use libwrap... yeschecking whether to include skey support... yeschecking for library containing skey_get_algorithm... -lskeychecking whether to setuid()... nochecking whether to setgid()... nochecking whether to include ACL support... yeschecking whether to include user-enable support... yeschecking whether to include maximum sessions (maxsess) support... nochecking whether to include maxsess finger support... nochecking for alt pid file FQPN... /etc/tac_plus.pidchecking for alt accounting file FQPN... /var/log/tac_plus.acctchecking for alt log file FQPN... /var/log/tac_plus.logchecking whether to profile... nochecking for pam_start in -lpam... nochecking for ANSI C header files... (cached) yeschecking crypt.h usability... yeschecking crypt.h presence... yeschecking for crypt.h... yeschecking ctype.h usability... yeschecking ctype.h presence... yeschecking for ctype.h... yeschecking errno.h usability... yeschecking errno.h presence... yeschecking for errno.h... yeschecking fcntl.h usability... yeschecking fcntl.h presence... yeschecking for fcntl.h... yeschecking malloc.h usability... yeschecking malloc.h presence... yeschecking for malloc.h... yeschecking shadow.h usability... yeschecking shadow.h presence... yeschecking for shadow.h... yeschecking for stdlib.h... (cached) yeschecking for stdint.h... (cached) yeschecking for string.h... (cached) yeschecking for strings.h... (cached) yeschecking for sys/types.h... (cached) yeschecking sysexits.h usability... yeschecking sysexits.h presence... yeschecking for sysexits.h... yeschecking syslog.h usability... yeschecking syslog.h presence... yeschecking for syslog.h... yeschecking termios.h usability... yeschecking termios.h presence... yeschecking for termios.h... yeschecking for unistd.h... (cached) yeschecking sys/socket.h usability... yeschecking sys/socket.h presence... yeschecking for sys/socket.h... yeschecking sys/wait.h usability... yeschecking sys/wait.h presence... yeschecking for sys/wait.h... yeschecking for socklen_t... yeschecking return type of signal handlers... voidchecking for bzero... yeschecking for strerror... yeschecking for strchr... yeschecking for strcspn... yeschecking whether setpgrp takes no argument... yeschecking whether time.h and sys/time.h may both be included... yeschecking for gnutar... nochecking for gtar... nochecking for tar... tarchecking for a BSD-compatible install... /usr/bin/install -cchecking for perl5... nochecking for perl... /usr/bin/perlconfigure: creating ./config.statusconfig.status: creating Makefileconfig.status: WARNING: Makefile.in seems to ignore the --datarootdir settingconfig.status: creating version.hconfig.status: creating pathsl.hconfig.status: creating tac_plus.8config.status: creating tac_plus.conf.5config.status: creating config.hconfig.status: config.h is unchangedconfig.status: executing depfiles commandsDebian:/usr/src/tacacs+-F4.0.4.15# make/usr/bin/make all-ammake[1]: Entering directory `/usr/src/tacacs+-F4.0.4.15'if gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include -I/usr/local/include -g -O2 -I/usr/include -MT tac_plus.o -MD -MP -MF ".deps/tac_plus.Tpo" -c -o tac_plus.o tac_plus.c; \ then mv -f ".deps/tac_plus.Tpo" ".deps/tac_plus.Po"; else rm -f ".deps/tac_plus.Tpo"; exit 1; fiif gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include -I/usr/local/include -g -O2 -I/usr/include -MT acct.o -MD -MP -MF ".deps/acct.Tpo" -c -o acct.o acct.c; \ then mv -f ".deps/acct.Tpo" ".deps/acct.Po"; else rm -f ".deps/acct.Tpo"; exit 1; fiif gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include -I/usr/local/include -g -O2 -I/usr/include -MT do_author.o -MD -MP -MF ".deps/do_author.Tpo" -c -o do_author.o do_author.c; \ then mv -f ".deps/do_author.Tpo" ".deps/do_author.Po"; else rm -f ".deps/do_author.Tpo"; exit 1; fiif gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include -I/usr/local/include -g -O2 -I/usr/include -MT report.o -MD -MP -MF ".deps/report.Tpo" -c -o report.o report.c; \ then mv -f ".deps/report.Tpo" ".deps/report.Po"; else rm -f ".deps/report.Tpo"; exit 1; fiif gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include -I/usr/local/include -g -O2 -I/usr/include -MT authen.o -MD -MP -MF ".deps/authen.Tpo" -c -o authen.o authen.c; \ then mv -f ".deps/authen.Tpo" ".deps/authen.Po"; else rm -f ".deps/authen.Tpo"; exit 1; fiif gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include -I/usr/local/include -g -O2 -I/usr/include -MT dump.o -MD -MP -MF ".deps/dump.Tpo" -c -o dump.o dump.c; \ then mv -f ".deps/dump.Tpo" ".deps/dump.Po"; else rm -f ".deps/dump.Tpo"; exit 1; fiif gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include -I/usr/local/include -g -O2 -I/usr/include -MT sendauth.o -MD -MP -MF ".deps/sendauth.Tpo" -c -o sendauth.o sendauth.c; \ then mv -f ".deps/sendauth.Tpo" ".deps/sendauth.Po"; else rm -f ".deps/sendauth.Tpo"; exit 1; fiif gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include -I/usr/local/include -g -O2 -I/usr/include -MT author.o -MD -MP -MF ".deps/author.Tpo" -c -o author.o author.c; \ then mv -f ".deps/author.Tpo" ".deps/author.Po"; else rm -f ".deps/author.Tpo"; exit 1; fiif gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include -I/usr/local/include -g -O2 -I/usr/include -MT enable.o -MD -MP -MF ".deps/enable.Tpo" -c -o enable.o enable.c; \ then mv -f ".deps/enable.Tpo" ".deps/enable.Po"; else rm -f ".deps/enable.Tpo"; exit 1; fiif gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include -I/usr/local/include -g -O2 -I/usr/include -MT packet.o -MD -MP -MF ".deps/packet.Tpo" -c -o packet.o packet.c; \ then mv -f ".deps/packet.Tpo" ".deps/packet.Po"; else rm -f ".deps/packet.Tpo"; exit 1; fiif gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include -I/usr/local/include -g -O2 -I/usr/include -MT sendpass.o -MD -MP -MF ".deps/sendpass.Tpo" -c -o sendpass.o sendpass.c; \ then mv -f ".deps/sendpass.Tpo" ".deps/sendpass.Po"; else rm -f ".deps/sendpass.Tpo"; exit 1; fiif gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include -I/usr/local/include -g -O2 -I/usr/include -MT choose_authen.o -MD -MP -MF ".deps/choose_authen.Tpo" -c -o choose_authen.o choose_authen.c; \ then mv -f ".deps/choose_authen.Tpo" ".deps/choose_authen.Po"; else rm -f ".deps/choose_authen.Tpo"; exit 1; fiif gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include -I/usr/local/include -g -O2 -I/usr/include -MT encrypt.o -MD -MP -MF ".deps/encrypt.Tpo" -c -o encrypt.o encrypt.c; \ then mv -f ".deps/encrypt.Tpo" ".deps/encrypt.Po"; else rm -f ".deps/encrypt.Tpo"; exit 1; fiif gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include -I/usr/local/include -g -O2 -I/usr/include -MT parse.o -MD -MP -MF ".deps/parse.Tpo" -c -o parse.o parse.c; \ then mv -f ".deps/parse.Tpo" ".deps/parse.Po"; else rm -f ".deps/parse.Tpo"; exit 1; fiif gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include -I/usr/local/include -g -O2 -I/usr/include -MT config.o -MD -MP -MF ".deps/config.Tpo" -c -o config.o config.c; \ then mv -f ".deps/config.Tpo" ".deps/config.Po"; else rm -f ".deps/config.Tpo"; exit 1; fiif gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include -I/usr/local/include -g -O2 -I/usr/include -MT expire.o -MD -MP -MF ".deps/expire.Tpo" -c -o expire.o expire.c; \ then mv -f ".deps/expire.Tpo" ".deps/expire.Po"; else rm -f ".deps/expire.Tpo"; exit 1; fiif gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include -I/usr/local/include -g -O2 -I/usr/include -MT programs.o -MD -MP -MF ".deps/programs.Tpo" -c -o programs.o programs.c; \ then mv -f ".deps/programs.Tpo" ".deps/programs.Po"; else rm -f ".deps/programs.Tpo"; exit 1; fiif gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include -I/usr/local/include -g -O2 -I/usr/include -MT default_fn.o -MD -MP -MF ".deps/default_fn.Tpo" -c -o default_fn.o default_fn.c; \ then mv -f ".deps/default_fn.Tpo" ".deps/default_fn.Po"; else rm -f ".deps/default_fn.Tpo"; exit 1; fiif gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include -I/usr/local/include -g -O2 -I/usr/include -MT pw.o -MD -MP -MF ".deps/pw.Tpo" -c -o pw.o pw.c; \ then mv -f ".deps/pw.Tpo" ".deps/pw.Po"; else rm -f ".deps/pw.Tpo"; exit 1; fiif gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include -I/usr/local/include -g -O2 -I/usr/include -MT utils.o -MD -MP -MF ".deps/utils.Tpo" -c -o utils.o utils.c; \ then mv -f ".deps/utils.Tpo" ".deps/utils.Po"; else rm -f ".deps/utils.Tpo"; exit 1; fiif gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include -I/usr/local/include -g -O2 -I/usr/include -MT default_v0_fn.o -MD -MP -MF ".deps/default_v0_fn.Tpo" -c -o default_v0_fn.o default_v0_fn.c; \ then mv -f ".deps/default_v0_fn.Tpo" ".deps/default_v0_fn.Po"; else rm -f ".deps/default_v0_fn.Tpo"; exit 1; fiif gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include -I/usr/local/include -g -O2 -I/usr/include -MT hash.o -MD -MP -MF ".deps/hash.Tpo" -c -o hash.o hash.c; \ then mv -f ".deps/hash.Tpo" ".deps/hash.Po"; else rm -f ".deps/hash.Tpo"; exit 1; fiif gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include -I/usr/local/include -g -O2 -I/usr/include -MT pwlib.o -MD -MP -MF ".deps/pwlib.Tpo" -c -o pwlib.o pwlib.c; \ then mv -f ".deps/pwlib.Tpo" ".deps/pwlib.Po"; else rm -f ".deps/pwlib.Tpo"; exit 1; fiif gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include -I/usr/local/include -g -O2 -I/usr/include -MT do_acct.o -MD -MP -MF ".deps/do_acct.Tpo" -c -o do_acct.o do_acct.c; \ then mv -f ".deps/do_acct.Tpo" ".deps/do_acct.Po"; else rm -f ".deps/do_acct.Tpo"; exit 1; fiif gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include -I/usr/local/include -g -O2 -I/usr/include -MT maxsess.o -MD -MP -MF ".deps/maxsess.Tpo" -c -o maxsess.o maxsess.c; \ then mv -f ".deps/maxsess.Tpo" ".deps/maxsess.Po"; else rm -f ".deps/maxsess.Tpo"; exit 1; figcc -g -O2 -I/usr/include -L/usr/local/lib -o tac_plus tac_plus.o acct.o do_author.o md4.o report.o authen.o dump.o md5.o sendauth.o author.o enable.o packet.o sendpass.o choose_authen.o encrypt.o parse.o skey_fn.o config.o expire.o programs.o default_fn.o pw.o utils.o default_v0_fn.o hash.o pwlib.o do_acct.o maxsess.o regexp.o -L/usr/lib -lwrap -R/usr/lib -lskey -lnsl -lcryptgcc: unrecognized option '-R/usr/lib'choose_authen.o: In function `choose_login':/usr/src/tacacs+-F4.0.4.15/choose_authen.c:124: undefined reference to `skey_fn'collect2: ld returned 1 exit statusmake[1]: *** [tac_plus] Error 1make[1]: Leaving directory `/usr/src/tacacs+-F4.0.4.15'make: *** [all] Error 2Debian:/usr/src/tacacs+-F4.0.4.15# _________________________________________________________________ Be the filmmaker you always wanted to be?learn how to burn a DVD with Windows?. http://clk.atdmt.com/MRT/go/108588797/direct/01/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20080827/9fb2a81d/attachment.html