From SG00123446 at TechMahindra.com Tue Oct 1 06:01:30 2013
From: SG00123446 at TechMahindra.com (Sachin.6.Gupta)
Date: Tue, 1 Oct 2013 11:31:30 +0530
Subject: [tac_plus] Illegal data size when TACACS+ running on 64 bit debian machine
In-Reply-To: <20130930203426.GC2034@shrubbery.net>
References: <251C71CF3919A942A3A12FDD3CC76101DC0FB1A459@SINNODMBX001.TechMahindra.com>
 <20130930203426.GC2034@shrubbery.net>
Message-ID: <251C71CF3919A942A3A12FDD3CC76101DC0FB1B170@SINNODMBX001.TechMahindra.com>

This got resolved by debugging. Local change was the root cause.
It works perfectly on 64 bit and 32 bit machines.
One of the developers had modified the HDR structure disturbing the boundaries without approval.

Apologies for the trouble caused.

Regards

-----Original Message-----
From: heasley [mailto:heas at shrubbery.net]
Sent: Tuesday, October 01, 2013 2:04 AM
To: Sachin.6.Gupta
Cc: tac_plus at shrubbery.net
Subject: Re: [tac_plus] Illegal data size when TACACS+ running on 64 bit debian machine

Mon, Sep 30, 2013 at 12:51:40PM +0530, Sachin.6.Gupta:
> Hi,
>
> I keep on getting "Illegal Data Size" when TACACS+ is running on 64 Bit Unix machines.
> Same package when compiled on 32 bit machine, works fine.

what O/S? is a long not 32bits on your platform?

> I have configured a D-Link switch with my TACACS+ server.
>
> I am currently debugging this, but is there a compatibility issue reported for 64 bit TACACS+?

not that i know of.

> Please advice.
>
> Regards
>
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/tac_plus

From SG00123446 at TechMahindra.com Thu Oct 17 11:43:37 2013
From: SG00123446 at TechMahindra.com (Sachin.6.Gupta)
Date: Thu, 17 Oct 2013 17:13:37 +0530
Subject: [tac_plus] What is the difference between TACACS+ Squeeze and Wheezy versions
Message-ID: <251C71CF3919A942A3A12FDD3CC76101DC102474CF@SINNODMBX001.TechMahindra.com>

Hi All,

Need your help in understanding the difference between the squeeze and wheezy packages wrt to TACACS+.
Change log:
----------------------------------------------------------------------
tacacs+ (4.0.4.19-11) unstable; urgency=low

  * Correct one lintian error.

 -- Henry-Nicolas Tourneur Mon, 5 Jun 2011 17:53:51 +0100

tacacs+ (4.0.4.19-10) unstable; urgency=low

  * Closes: #609755 (ignore $DAEMONUSER in init script stop_server())

 -- Henry-Nicolas Tourneur Mon, 12 Jan 2011 21:07:51 +0100

tacacs+ (4.0.4.19-9) unstable; urgency=low

  * Improve the init script: check the config on start/reload (Thanks to Erik Wenzel)
  * Use the debian way to restart daemons in logrotate scripts (Erik Wenzel too)

 -- Henry-Nicolas Tourneur Mon, 18 Oct 2010 21:30:51 +0100

tacacs+ (4.0.4.19-8) unstable; urgency=low

  * Closes: #582334 (replace gethostbyname() with getaddrinfo())
----------------------------------------------------------------------

Out of these I don't see any drastic difference based on the debian releases.
Are these versions not compatible for the other platform?
If the Unix system migrates from squeeze to wheezy, can we still continue with the squeeze version?

Pls suggest.

Regards

From mkouhei at gmail.com Wed Oct 30 17:10:52 2013
From: mkouhei at gmail.com (Kouhei Maeda)
Date: Thu, 31 Oct 2013 02:10:52 +0900
Subject: [tac_plus] Extend "default authentication" using "PAM"
Message-ID:

Hi,

I customised tacplus related "default authentication" top level
directive to enable to use PAM.

The purpose of my change:

I usually manage user accounts of servers using LDAP.
I want to centrally manage an LDAP also account management of
network devices in the same way.

I looked at following note (*1), and I understand that it is possible to
manage with LDAP through PAM modules using "login = PAM" in each
group directive or each user directive.

*1: http://www.shrubbery.net/pipermail/tac_plus/2013-August/001319.html

But this method required to change tac_plus.conf when adding or removing users.
I want to manage using only LDAP.
So, I have to be able to use the PAM in the default authentication.
This change eliminates the need for user management in tacplus.

I attach the patch for "F4.0.4.26" version.
This version is the same version of tacacs+ package of Debian GNU/Linux Sid current. (4.0.4.26-3)

In addition, I've created a patch to the version for the Debian GNU/Linux Wheezy
for use in the production environment normal. (4.0.4.19-11)

I have published these unofficial Debian source package patched on GitHub. (*2, *3)

*2: for Sid
https://github.com/mkouhei/tacacs-plus/commit/8e3b55914e5b086db4ca15c9d52c03cb86397d59

*3: for Wheezy
https://github.com/mkouhei/tacacs-plus/commit/1c4a92926e7f4fee47f4fe13a365edc66af3bc60

If that's ok, would you merge my patch?

Best regards,
--
Kouhei Maeda
KeyID 4096R/7E37CE41
-------------- next part --------------
A non-text attachment was scrubbed...
Name: extend_default_authentication.patch
Type: text/x-patch
Size: 3535 bytes
Desc: not available

From nicotine at warningg.com Thu Oct 31 19:41:50 2013
From: nicotine at warningg.com (Brandon Ewing)
Date: Thu, 31 Oct 2013 14:41:50 -0500
Subject: [tac_plus] Extend "default authentication" using "PAM"
In-Reply-To:
References:
Message-ID: <20131031194150.GD5792@radiological.warningg.com>

On Thu, Oct 31, 2013 at 02:10:52AM +0900, Kouhei Maeda wrote:
> Hi,
>
> I customised tacplus related "default authentication" top level
> directive to enable to use PAM.
>

Does this patch cover enable authentication as well? Cisco ASA doesn't like
privilege assignment from TACACS, IIRC.

--
Brandon Ewing (nicotine at warningg.com)
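
For the "Illegal data size" thread at the top of this page: an added C example, not tac_plus source and not the poster's code, showing how a header struct with non-fixed-width fields stops matching the 12-byte TACACS+ wire header on a 64-bit build, next to a field-by-field decode with compile-time layout checks. The struct names, `MAX_BODY_LEN` and the sample bytes are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>

#define HDR_WIRE_SIZE 12u     /* TACACS+ header is 12 bytes on the wire */
#define MAX_BODY_LEN  65535u  /* assumed sanity limit for this example */

/* Fixed-width layout: identical on 32-bit and 64-bit builds. */
struct hdr_fixed {
    uint8_t  version, type, seq_no, flags;
    uint32_t session_id;
    uint32_t length;
};

/* Hypothetical local edit: `long` is 8 bytes on LP64, so the fields move. */
struct hdr_long {
    uint8_t version, type, seq_no, flags;
    long    session_id;
    long    length;
};

/* The build fails if an edit makes the struct diverge from the wire format. */
_Static_assert(sizeof(struct hdr_fixed) == HDR_WIRE_SIZE, "hdr_fixed != wire size");
_Static_assert(offsetof(struct hdr_fixed, length) == 8, "length field moved");

/* Offset at which a struct overlay of hdr_long would look for `length`. */
size_t long_layout_length_offset(void) { return offsetof(struct hdr_long, length); }

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Decode field by field from the byte stream, independent of struct layout.
 * Returns 0 on success, -1 on a short buffer or an implausible body length. */
int parse_hdr(const uint8_t *buf, size_t n, struct hdr_fixed *out) {
    if (n < HDR_WIRE_SIZE) return -1;
    out->version = buf[0]; out->type = buf[1];
    out->seq_no = buf[2];  out->flags = buf[3];
    out->session_id = be32(buf + 4);
    out->length = be32(buf + 8);
    return out->length > MAX_BODY_LEN ? -1 : 0;
}

/* Constructed sample: authentication header announcing a 24-byte body. */
static const uint8_t SAMPLE_HDR[HDR_WIRE_SIZE] = {
    0xc0, 0x01, 0x01, 0x00,  0x12, 0x34, 0x56, 0x78,  0x00, 0x00, 0x00, 0x18 };

int main(void) {
    struct hdr_fixed h;
    return parse_hdr(SAMPLE_HDR, sizeof SAMPLE_HDR, &h);  /* 0 on success */
}
```

On an LP64 build `long_layout_length_offset()` is 16, past the end of the 12-byte header, so an overlay would take the "length" from packet body bytes; on a 32-bit build it is 8 and the same code appears to work.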