[tac_plus] Re: problem with tacplus 4.0.4.14
Kiss Gabor (Bitman)
kissg at ssg.ki.iif.hu
Tue Sep 9 07:22:40 UTC 2008
> trouble is, that the script returns 1 most of the time. Although it should
> return 2 as you can see:
> #!/bin/sh
> if grep -q "^$2\$" /etc/tac-plus/hosts.txt ; then
>     echo priv-lvl=3
> else
>     echo priv-lvl=15
> fi
> exit 2
Theoretically there is no way to get exit status 1 _from_ this script.
If you get 1, it comes from elsewhere.
> The weird thing is, the script functions fine when I run it manually, even
> with the tacacs user. Also, sometimes it returns 2 even when run by the tacacs daemon,
> so users must try to log in 5, maybe 6 times before they can get
> authenticated. So, am I doing something wrong, or is it a problem with tacacs?
You can figure out what happens if you attach strace to the tacacs daemon:

    strace -fF -o /tmp/trace -p PID_OF_DAEMON

Do some logins, then check the file /tmp/trace.
Can you see successful fork and execve system calls?
Is it your script above that runs? What is the exit status of grep?
Is echo (write(1,...)) executed well? Etc.
Regards
Gabor
--
E-mail = m-mail * c-mail ^ 2
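
The checks listed in the message above (execve success, the exit status of grep, the write to fd 1) can be read out of the trace file per PID. This is an added example, not part of the original message: `summarize_trace` and `sample_trace` are hypothetical helper names, and the trace lines, PIDs, arguments and the script path `/path/to/authz-script` are constructed placeholders.

```shell
#!/bin/sh
# summarize_trace [FILE]: reduce "strace -f -o FILE" output to one line per
# interesting event: PID, event type, detail. Reads stdin if FILE is omitted.
summarize_trace() {
    awk '
    {
        pid = $1                      # strace -f -o prefixes each line with the PID
        line = $0
        sub(/^[0-9]+ +/, "", line)    # drop the PID column
    }
    line ~ /^execve\(/ {
        split(line, q, "\"")          # q[2] is the first quoted string: the program path
        ok = (line ~ /= 0$/) ? "ok" : "FAILED"
        print pid, "execve", q[2], ok
    }
    line ~ /^write\(1, / {
        split(line, q, "\"")          # q[2] is the data written to stdout
        print pid, "stdout", q[2]
    }
    line ~ /^exit_group\(/ || line ~ /^exit\(/ {
        s = line
        sub(/^[a-z_]+\(/, "", s)      # keep only the numeric argument
        sub(/\).*/, "", s)
        print pid, "exit", s
    }
    ' "$@"
}

# Constructed sample: daemon 4711 forks the script (4802), which forks grep (4803).
sample_trace() {
    cat <<'EOF'
4711  clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|SIGCHLD) = 4802
4802  execve("/path/to/authz-script", ["/path/to/authz-script", "user1", "10.0.0.1"], [/* 4 vars */]) = 0
4802  clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|SIGCHLD) = 4803
4803  execve("/bin/grep", ["grep", "-q", "^10.0.0.1$", "/etc/tac-plus/hosts.txt"], [/* 4 vars */]) = 0
4803  exit_group(1) = ?
4802  write(1, "priv-lvl=15\n", 12) = 12
4802  exit_group(2) = ?
EOF
}

sample_trace | summarize_trace
```

In this constructed trace the status 1 belongs to the grep child (no match), while the script's own PID exits with 2; comparing the PID on each `exit` line against the PID the daemon forked shows whose status is being reported.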