[tac_plus] Dynamic authentication plugins via shared libraries?
heasley
heas at shrubbery.net
Mon Aug 20 16:29:26 UTC 2012
Sat, Aug 18, 2012 at 11:30:05AM +0100, Steve Kemp:
> On Thu Aug 16, 2012 at 10:02:49 -0700, heasley wrote:
>
> > > Assuming I cleaned up the code to rename the configuration
> > > options, etc, would this be of interest in the main repository
> > > and stand a chance of making it into the upstream releases of
> > > the future?
> >
> > sure, but why didn't you just write a PAM module for your sso and have
> > tacacs enter from there?
>
> At the time that didn't occur to me/us.. I guess now you've said
> that I'm torn between wanting to submit the code-changes and thinking
> "I'll go away and hide now".
I asked because that would make your authentication mechanism more genericly
accessible, but there can be cause for not using pam; I just couldnt think
of one, so I asked.
> I guess the utility of the work ultimately depends how likely
> it is that users of TACACS+ wish to tie it in to some external
> authentication system (which is neither PAM nor LDAP-based).
If I needed to access an LDAP server, I would do it through pam. :) but,
I have never needed to do that and there is probably a basket full of
caveats to this that I am completely ignorant of.
i like the idea though, esp. if you include documentation.
> If this is a common request, and common desire, then the code
> is useful. If people approach it from the PAM-side then it is
> less useful. I guess that is call I cannot make.
>
>
> Steve
> --
> Debian GNU/Linux System Administration
> http://www.debian-administration.org/
>
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus
More information about the tac_plus
mailing list