[tac_plus] Dynamic authentication plugins via shared libraries?

heasley heas at shrubbery.net
Mon Aug 20 16:29:26 UTC 2012


Sat, Aug 18, 2012 at 11:30:05AM +0100, Steve Kemp:
> On Thu Aug 16, 2012 at 10:02:49 -0700, heasley wrote:
> 
> > >  Assuming I cleaned up the code to rename the configuration
> > > options, etc, would this be of interest in the main repository
> > > and stand a chance of making it into the upstream releases of
> > > the future?
> > 
> > sure, but why didn't you just write a PAM module for your sso and have
> > tacacs enter from there?
> 
>   At the time that didn't occur to me/us..  I guess now you've said
>  that I'm torn between wanting to submit the code-changes and thinking
>  "I'll go away and hide now".

I asked because that would make your authentication mechanism more genericly
accessible, but there can be cause for not using pam; I just couldnt think
of one, so I asked.

>   I guess the utility of the work ultimately depends how likely
>  it is that users of TACACS+ wish to tie it in to some external
>  authentication system (which is neither PAM nor LDAP-based).

If I needed to access an LDAP server, I would do it through pam. :)  but,
I have never needed to do that and there is probably a basket full of
caveats to this that I am completely ignorant of.

i like the idea though, esp. if you include documentation.

>   If this is a common request, and common desire, then the code
>  is useful.  If people approach it from the PAM-side then it is
>  less useful.  I guess that is call I cannot make.
> 
> 
> Steve
> -- 
> Debian GNU/Linux System Administration
> http://www.debian-administration.org/
> 
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus


More information about the tac_plus mailing list