From SG00123446 at TechMahindra.com Tue Oct 1 06:01:30 2013
From: SG00123446 at TechMahindra.com (Sachin.6.Gupta)
Date: Tue, 1 Oct 2013 11:31:30 +0530
Subject: [tac_plus] Illegal data size when TACACS+ running on 64 bit
debian machine
In-Reply-To: <20130930203426.GC2034@shrubbery.net>
References: <251C71CF3919A942A3A12FDD3CC76101DC0FB1A459@SINNODMBX001.TechMahindra.com>
<20130930203426.GC2034@shrubbery.net>
Message-ID: <251C71CF3919A942A3A12FDD3CC76101DC0FB1B170@SINNODMBX001.TechMahindra.com>
This got resolved by debugging. Local change was the root cause. It works perfectly on 64 bit and 32 bit machines.
One of the developers had modified the HDR structure disturbing the boundaries without approval.
Apologies for the trouble caused.
Regards
-----Original Message-----
From: heasley [mailto:heas at shrubbery.net]
Sent: Tuesday, October 01, 2013 2:04 AM
To: Sachin.6.Gupta
Cc: tac_plus at shrubbery.net
Subject: Re: [tac_plus] Illegal data size when TACACS+ running on 64 bit debian machine
Mon, Sep 30, 2013 at 12:51:40PM +0530, Sachin.6.Gupta:
> Hi,
>
> I keep on getting "Illegal Data Size" when TACACS+ is running on 64 Bit Unix machines.
> Same package when compiled on 32 bit machine, works fine.
what O/S? is a long not 32bits on your platform?
> I have configured a D-Link switch with my TACACS+ server.
>
> I am currently debugging this, but is there a compatibility issue reported for 64 bit TACACS+?
not tha ti know of.
> Please advice.
>
> Regards
>
>
>
>
> ======================================================================
> ======================================================Disclaimer:
> This message and the information contained herein is proprietary and
> confidential and subject to the Tech Mahindra policy statement, you
> may review the policy at href="http://www.techmahindra.com/Disclaimer.html">http://www.techmahi
> ndra.com/Disclaimer.html externally and href="http://tim.techmahindra.com/tim/disclaimer.html">http://tim.tech
> mahindra.com/tim/disclaimer.html internally within Tech
> Mahindra.=============================================================
> ===============================================================
> -------------- next part -------------- An HTML attachment was
> scrubbed...
> URL:
> ab0e/attachment.html> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/tac_plus
============================================================================================================================Disclaimer: This message and the information contained herein is proprietary and confidential and subject to the Tech Mahindra policy statement, you may review the policy at http://www.techmahindra.com/Disclaimer.html externally and http://tim.techmahindra.com/tim/disclaimer.html internally within Tech Mahindra.============================================================================================================================
From SG00123446 at TechMahindra.com Thu Oct 17 11:43:37 2013
From: SG00123446 at TechMahindra.com (Sachin.6.Gupta)
Date: Thu, 17 Oct 2013 17:13:37 +0530
Subject: [tac_plus] What is the difference between TACACS+ Squeeze and
Wheezy versions
Message-ID: <251C71CF3919A942A3A12FDD3CC76101DC102474CF@SINNODMBX001.TechMahindra.com>
Hi All,
Need your help in understanding the difference between the squeeze and wheezy packages wrt to TACACS+.
Change log:
----------------------------------------------------------------------------------------------------------------------------------------
tacacs+ (4.0.4.19-11) unstable; urgency=low
* Correct one lintian error.
-- Henry-Nicolas Tourneur Mon, 5 Jun 2011 17:53:51 +0100
tacacs+ (4.0.4.19-10) unstable; urgency=low
* Closes: #609755 (ignore $DAEMONUSER in init script stop_server())
-- Henry-Nicolas Tourneur Mon, 12 Jan 2011 21:07:51 +0100
tacacs+ (4.0.4.19-9) unstable; urgency=low
* Improve the init script: check the config on
start/reload (Thanks to Erik Wenzel)
* Use the debian way to restart daemons in logrotate scripts (Erik Wenzel too)
-- Henry-Nicolas Tourneur Mon, 18 Oct 2010 21:30:51 +0100
tacacs+ (4.0.4.19-8) unstable; urgency=low
* Closes: #582334 (replace gethostbyname() with getaddrinfo())
----------------------------------------------------------------------------------------------------------------------------------------
Out of these I don't see any drastic difference based on the debian releases.
Are these versions not compatible for the other platform?
If the Unix system migrates from squeeze to wheezy, can we still continue with the squeeze version?
Pls suggest.
Regards
============================================================================================================================Disclaimer: This message and the information contained herein is proprietary and confidential and subject to the Tech Mahindra policy statement, you may review the policy at http://www.techmahindra.com/Disclaimer.html externally and http://tim.techmahindra.com/tim/disclaimer.html internally within Tech Mahindra.============================================================================================================================
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From mkouhei at gmail.com Wed Oct 30 17:10:52 2013
From: mkouhei at gmail.com (Kouhei Maeda)
Date: Thu, 31 Oct 2013 02:10:52 +0900
Subject: [tac_plus] Extend "default authentication" using "PAM"
Message-ID:
Hi,
I customised tacplus related "default authentication" top level
directive to enable to use PAM.
The purpose of my change:
I usually manage user accounts of servers using LDAP.
I want to centrally manage an LDAP also account management of network
devices in the same way.
I looked at following note(*1),
and I understand that it is possible to manage with LDAP through PAM modules
using "login = PAM" in each group directive or each user directive.
*1: http://www.shrubbery.net/pipermail/tac_plus/2013-August/001319.html
But This method required to change tac_plus.conf when adding or removing users.
I want to manage using only LDAP.
So, I have to be able to use the PAM in the default authentication.
This change eliminates the need for user management in tacplus.
I attach the patch for "F4.0.4.26" version.
This version is the same version of tacacs + package of Debian GNU /
Linux Sid current. (4.0.4.26-3)
In addition, I've created a patch to the version for the Debian GNU /
Linux Wheezy
for use in the production environment normal. (4.0.4.19-11)
I have published these unofficial Debian source package patched on
GitHub. (*2, *3)
*2: for Sid
https://github.com/mkouhei/tacacs-plus/commit/8e3b55914e5b086db4ca15c9d52c03cb86397d59
*3: for Wheezy
https://github.com/mkouhei/tacacs-plus/commit/1c4a92926e7f4fee47f4fe13a365edc66af3bc60
If thats ok, would you merge my patch?
Best regards,
--
Kouhei Maeda
KeyID 4096R/7E37CE41
-------------- next part --------------
A non-text attachment was scrubbed...
Name: extend_default_authentication.patch
Type: text/x-patch
Size: 3535 bytes
Desc: not available
URL:
From nicotine at warningg.com Thu Oct 31 19:41:50 2013
From: nicotine at warningg.com (Brandon Ewing)
Date: Thu, 31 Oct 2013 14:41:50 -0500
Subject: [tac_plus] Extend "default authentication" using "PAM"
In-Reply-To:
References:
Message-ID: <20131031194150.GD5792@radiological.warningg.com>
On Thu, Oct 31, 2013 at 02:10:52AM +0900, Kouhei Maeda wrote:
> Hi,
>
> I customised tacplus related "default authentication" top level
> directive to enable to use PAM.
>
Does this patch cover enable authentication as well? Cisco ASA doesn't like
priviledge assignment from TACACS, IIRC.
--
Brandon Ewing (nicotine at warningg.com)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: