[tac_plus] auth fail lock fix or alternatives?
Joe Moore
joe.moore at holidaycompanies.com
Tue Feb 21 16:11:26 UTC 2012
-----Original Message-----
From: Alan McKinnon [mailto:alan.mckinnon at gmail.com]
Sent: Monday, February 20, 2012 5:38 PM
To: tac_plus at shrubbery.net
Subject: Re: [tac_plus] auth fail lock fix or alternatives?
SNIP!
Found it, see below:
[snip]
> Hunk #1 succeeded at 153.
> Hunk #2 succeeded at 278.
> Hunk #3 succeeded at 304.
> Hunk #4 succeeded at 623.
> Hmm... Ignoring the trailing garbage.
> done
You need to run "autoconf" here otherwise ./configure won't know about your changes to the sources. For me this makes the difference between it working and getting the same result you got
> [root at ns3 ~/download/tacacs+-F4.0.4.19]# ./configure checking for a
> BSD-compatible install... /usr/bin/install -c checking whether build
> environment is sane... yes checking for a thread-safe mkdir -p...
> ./install-sh -c -d
[snip]
If you read the original patch submission carefully http://www.shrubbery.net/pipermail/tac_plus/2009-September/000508.html
you'll see it is there at the top, (but quite easy to miss actually - I also missed it the first time)
--
Alan McKinnnon
alan.mckinnon at gmail.com
Thanks Alan!
I've restored the lockout function for the time being.
It doesn't look like the AFL patch is available for tac_plus 4.04.20. I'm thinking I'll have to point tac_plus at my Windows Active Directory backend somehow and rely on AD to lock accounts when I update to 4.04.20 and beyond.
I can probably do that via PAM but I'll have to study a bit to see if there's a better/simpler way. My FBSD system accounts sync passwords to AD already, and it looks like the software I use for that is dropping FBSD support anyway.
...jgm
More information about the tac_plus
mailing list