[tac_plus] Re: Query

Schmidt, Daniel dan.schmidt at uplinkdata.com
Thu Apr 2 14:56:43 UTC 2009


Thank you for your reply and for your time. 

I found something like this that Ben Kennedy had tried (and failed) in
2007.  Attempting to use/modify/change this simple bash script was of no
use - I could not make it work, I could not so much as log in.  The exit
values look correct and it echoes to stdout.  Can anybody see something
wrong?


Here is an example of the config file:
user = test {
  after authorization "/etc/tac-plus/authen $user $address"
}

Example of script:
#!/bin/sh

if [ "$1" = 'test' ]
then
  if [ "$2" = 'X.X.X.X' ] #ip of switch
  then
     echo default service=permit
     echo login=cleartext XXX
     echo service=exec
     echo {
       echo priv-lvl=15
     echo
     echo cmd=arp
     echo {
     echo permit timeout
     echo }
     echo cmd=no
     echo {
     echo permit arp
     echo }
     echo cmd=show
     echo {
     echo permit run
     echo permit start
     echo }
     echo cmd=configure
     echo {
     echo permit terminal
     echo permit interface
     echo 'deny .*'  # quoted so the shell does not glob-expand .* into file names
     echo }
   exit 2
  fi
fi
exit 1

-----Original Message-----
From: john heasley [mailto:heas at shrubbery.net] 
Sent: Wednesday, April 01, 2009 4:23 PM
To: Schmidt, Daniel
Cc: john heasley; Lance Vermilion; tac_plus at shrubbery.net
Subject: Re: [tac_plus] Re: Query

Tue, Mar 31, 2009 at 03:44:01PM -0600, Schmidt, Daniel:
> I've never been able to make it work... if anybody has a working example
> they could provide, that would be greatly appreciated.

you read all the AVPs on stdin
then write the appropriate AVPs on stdout
and/or finally exit with the appropriate exit code

there shouldn't be any voodoo.  it's not something i do or test on a regular
basis.  i suppose the daemon's handling could be broken, but doubt it.
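
The read-stdin, write-stdout, exit-code flow described in the reply above, as an added example that is not part of the original thread or of the tac_plus code. It assumes the exit-status convention in which 2 means "permit and replace the AV pairs with what the script wrote" and 1 means deny; the function name rewrite_avps, the ALLOWED_* values and the sample AV pairs are constructed for illustration.

```sh
#!/bin/sh
# Added example: after-authorization helper, called from the config as
#   after authorization "/etc/tac-plus/authen $user $address"
# Assumed convention: exit 2 = permit, use the AV pairs on stdout; exit 1 = deny.
ALLOWED_USER='test'          # constructed value
ALLOWED_NAS='192.0.2.10'     # constructed value (documentation address range)

rewrite_avps() {
    user=$1 nas=$2 out='' seen_priv=0

    # Always drain stdin first: the daemon supplies one AV pair per line.
    while IFS= read -r avp || [ -n "$avp" ]; do
        case $avp in
            '') continue ;;
            # Replace whatever privilege level was proposed ('=' or '*' form).
            priv-lvl=*|priv-lvl\**) avp='priv-lvl=15'; seen_priv=1 ;;
        esac
        out="${out}${avp}
"
    done

    # Deny unless both the user and the device address match exactly.
    if [ "$user" != "$ALLOWED_USER" ] || [ "$nas" != "$ALLOWED_NAS" ]; then
        return 1
    fi

    # Add priv-lvl if the daemon did not send one, then emit the full set.
    [ "$seen_priv" -eq 1 ] || out="${out}priv-lvl=15
"
    printf '%s' "$out"
    return 2
}

# Demo on constructed input; an installed helper would instead end with:
#   rewrite_avps "$1" "$2"; exit $?
printf 'service=shell\ncmd*\npriv-lvl=1\n' | rewrite_avps test 192.0.2.10 ||
    echo "exit status: $?"
```

The output is one attribute=value pair per line, which is a different format from the block syntax used inside the configuration file.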
