[tac_plus] Adding users to tacacs passwd file
dterry at dollartree.com
dterry at dollartree.com
Thu Aug 12 13:28:26 UTC 2010
Why wouldn't you want to use the Linux shadow / passwd files?
"Jeffrey S.
Geist"
<jeffrey.geist at pn To
pt.com> "tac_plus at shrubbery.net"
Sent by: <tac_plus at shrubbery.net>
<tac_plus-bounces cc
@shrubbery.net> Mark Urbach <mark.urbach at pnpt.com>
Subject
[tac_plus] Adding users to tacacs
08/12/2010 09:04 passwd file
AM
Hi,
We are currently migrating Tacacs from Solaris to Linux. We haven't had
any issues getting Tacacs to run on CentOS and users are authenticating
through CentOS (using the old tacacs passwd file from Solaris). The issue
we are facing is trying to convert the old Solaris script, that creates the
users entries in the tacacs passwd file, over to a script that runs on
CentOS. The Solaris script creates a user with a unique "uid". We were
wondering if anyone knows of a Linux script that will accomplish the same
results. We have a fairly good understanding of Tacacs, but we are no
experts.
Here is the script used on Solaris:
---------------------------- begin ------------------------------------
#!/bin/sh
#
# @(#)auth_user 2.2 12.28.05
# modified by RKJ for mail2.swnebr.net Solaris 5.8 11/28/03
# modified by MLW for dns3.pnpt.com Solaris 5.8 1/5/06
#
#
# add user script for use with sys-config
# arguments: uname "fullname" password
#
# dirname is in SystemV catagory - so put it herein
shdirname()
{
expr \
${1-.}'/' : '\(/\)[^/]*//*$' \
\| ${1-.}'/' : '\(.*[^/]\)//*[^/][^/]*//*$' \
\| .
}
myname=`basename $0`
Passwd_file=/etc/auth-passwd
PATH=$PATH:/usr/ucb:/usr/local/bin
export PATH
# check for root
if [ "`whoami`x" != "root"x ]; then
echo "You must be root to do $myname!"
exit 1
fi
uid=`cat /usr/local/puid`
nuid=`expr ${uid} + 1`
echo $nuid > /usr/local/puid
# check for number of args
if [ $# -ne 3 ]; then
echo "${myname}: invalid number of arguments"
echo " usage: ${myname} uname \"fullname\" password"
exit 1
fi
# put args into named variables
uname=$1
gid=1000
fullname=$2
password=`/usr/local/sbin/generate_passwd $3`
#password=`/usr/bin/encrypt encpw passwd $3`
##############################################################################
# modified by RKJ for mail2.swnebr.net Solaris 5.8 11/28/03
#
homedir="/home/$1"
#
#
#
##############################################################################
shell=/bin/false
# checks for validity of arguments
# check uid
echo "uid:" $uid
if test $uid -lt 10 ; then
echo "uid: uid must be greater than 10 and less than 60000"
exit 1
elif test $uid -gt 60000 ; then
echo "uid: uid must be greater than 10 and less than 60000"
exit 1
fi
echo "gid:" $gid
# check gid
if test $gid -lt 10 ; then
echo "gid: gid must be greater than 10 and less than 60000"
exit 1
elif test $gid -gt 60000 ; then
echo "gid: gid must be greater than 10 and less than 60000"
exit 1
fi
# check shell
if test ! -x $shell ; then
echo "$shell: the program does not exist or is not executable"
exit 1
fi
# create a null /etc/passwd entry
# first check if one already exists
if grep -s "^${uname}:" ${Passwd_file} ; then
echo "${myname}: ERROR: ${uname} aleady in ${Passwd_file}";
exit 1;
fi
# check if uid already exists
if grep -s ".*:.*:${uid}:" ${Passwd_file} ; then
echo "uid: ERROR: ${uid} already in ${Passwd_file}";
exit 1;
fi
pwent="${uname}:${password}:${uid}:${gid}:${fullname}:${homedir}:${shell}"
# XXX sould we use tmp file and rename it?
( echo '$' ;
echo 'i' ;
echo "${pwent}" ;
echo '.' ;
echo 'w' ;
echo 'q' ) | ed -s ${Passwd_file} > /dev/null
if grep -s "^${uname}:" ${Passwd_file} ; then
:
else
echo "${myname}: ERROR: password entry didn't go to $
{Passwd_file}";
exit 1;
fi
#
echo "Please be patient! This may take some time"
echo ""
#
#
# SCP a copy of /etc/auth-passwd to DNS2 and Tacacs
#
if [ -f /etc/auth-passwd ]; then
scp /etc/auth-passwd
sysop at dns2:/usr/local/etc/tacacs/authentication/auth-passwd
echo "A copy of the auth-passwd file has been sent to DNS2..WHEW!!"
scp /etc/auth-passwd
sysop at tacacs:/usr/local/etc/tacacs/authentication/auth-passwd
echo "A copy of the auth-passwd file has been sent to
Tacacs..WHEW!!"
echo " "
fi
#
exit 0
#
#EOF
---------------------------- end ------------------------------------
Maybe this is more complicated than it needs to be. Any suggests,
recommendation or opinions are welcomed!
Thanx In Advance,
[cid:image003.png at 01CB39F4.EEBC6A80]
Jeffrey S. Geist
Systems Administrator
PinPoint Communications
100 North 12th Street
Suite 500
Lincoln, NE 68508
Work: (402) 438-6211
Cellular: (402) 580-0047
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <
http://www.shrubbery.net/pipermail/tac_plus/attachments/20100812/93365c6d/attachment.html
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 24221 bytes
Desc: image003.png
URL: <
http://www.shrubbery.net/pipermail/tac_plus/attachments/20100812/93365c6d/attachment.png
>
_______________________________________________
tac_plus mailing list
tac_plus at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus
More information about the tac_plus
mailing list