[tac_plus] Re: Let's discuss some new features

Thu May 1 22:15:52 UTC 2008

Sounds like a great idea!

-----Original Message-----
From: tac_plus-bounces at shrubbery.net
[mailto:tac_plus-bounces at shrubbery.net] On Behalf Of Kiss Gabor (Bitman)
Sent: Wednesday, April 30, 2008 2:54 AM
To: tac_plus at shrubbery.net
Subject: [tac_plus] Let's discuss some new features

Dear folks,

I plan to do some enhancements of tac_plus daemon.
It would be lovely if network manager can assign individual
attributes based not only on username but
- host (NAS) address/name
- terminal line (console, async/modem, vty etc.)
- connection time (workdays, weekend, day and night etc.)

However this requires more sophisticated database backend practically
speaking a relational database. Sqlite seems to be a good choice.
Configure script would accept --with-sqlite option on systems
where libsqlite is available. At startup or when catching HUP signal
daemon read the usual configuration file and fills database
with approprate record. Database could be in memory entirely (i.e. no
external file) so daemon would be acting as a black box that
cannot be distinguish from the current one.
Lookout is the same but there is a V8 engine under the hood. :-)

Moreover I wish to keep backward compaibility of config file.
So I'm thinking on some new syntax elements that could describe
the above functionality.

I mean somethink like this:

-----------------------------------
acl = local_net_acl {
	permit = ^172\.16\.192\.
}

user = melany_local {
	ifhost = local_net_acl {
		service = exec {
			priv-lvl = 15
		}
	}
	service = exec {
		priv-lvl = 2
	}
	member = working_girl
}

time = business_hours {
	permit = Mo-Fr,8-15:30
}

group = working_girl {
	iftime = business_hours {
		default service = permit
	}
	default service = deny
}
-----------------------------------

What is your opinion?

Gabor
_______________________________________________
tac_plus mailing list
tac_plus at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus