[tac_plus] Re: after authorization
Ian Batterbee
ibatterb at gmail.com
Mon Nov 3 01:42:45 UTC 2008
>
>
> you can ignore the suggestions or try them. try this or see/try svc_auth
> and attr_value_pair in tac_plus.conf.
>
Yes, thanks for that helpful piece of advice. I have in fact tried the
suggestions, and they're ineffective.
After spending some time working backwards through the tac_plus source code,
I have now worked out that the problem is that the PIX is sending only an
authentication request when a VPN user connections - that is to say, it
doesn't send an *authorization* request.
As a result, the after authorization clause in tac_plus.conf has no effect,
because authorization is never performed.
I'm now going to try using a radius server, since others have had more
success with it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20081103/653c7769/attachment.html
More information about the tac_plus
mailing list