[tac_plus] Problems getting tac_plus work with PAM auth on NetBSD
Fredrik Pettai
pettai at nordu.net
Fri Nov 25 09:42:22 UTC 2011
On Nov 24, 2011, at 18:14 , john heasley wrote:
> Thu, Nov 24, 2011 at 04:11:25PM +0100, Fredrik Pettai:
>
>> Does the tac_plus server have insufficient credentials running as a non-root user to perform pam lookups?
>
> i'm not sure that it does; it would need to be able to read /etc/master.passwd.
The problem was the dropped root privileges. After recompiling without this option, it works fine.
Another thing with dropping the root privileges is that the daemon can't reload the configuration after receiving SIGUSR1 if it runs with dropped root privileges and the configuration file ownership isn't correct. You won't notice this while tac_plus is starting, as it has root privileges while reading the configuration file first, and drops those later.
Maybe you can add something like this to the tac_plus.8 man page:
--- tac_plus.8.in.orig 2011-11-25 10:18:14.000000000 +0100
+++ tac_plus.8.in 2011-11-25 10:26:28.000000000 +0100
@@ -235,8 +235,9 @@
If the daemon is receives a SIGHUP or SIGUSR1, it will reinitialize itself
and re-read its configuration file.
.sp
-Note: if an error is encountered in the configuration file, the daemon
-will die.
+Note: if an error is encountered in the configuration file or the running
+tac_plus daemon hasn't sufficient rights to read it (if root privileges
+are dropped), the daemon will die.
.\"
.SH "LOG MESSAGES"
.B tac_plus
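Review bot: The new note's wording "hasn't sufficient rights to read it (if root privileges are dropped)" is awkward and does not tell the administrator what to correct. Something like "or the running daemon cannot read it (for example, after root privileges have been dropped and the file's ownership or mode does not permit the unprivileged user to read it), the daemon will die" would be clearer. Since the file is first read with root privileges at startup, it is also worth saying that the failure only shows up on a SIGHUP/SIGUSR1 reload. The context line "If the daemon is receives a SIGHUP or SIGUSR1" has a stray "is" that could be fixed in the same patch.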