[tac_plus] TACPLUS AD Authentication

Daniel Schmidt daniel.schmidt at wyo.gov
Thu Jun 19 22:52:44 UTC 2014


If you could get the AFL patch in there too, that would be very useful.

https://github.com/ellzey/tac_plus_AFL



On Thu, Jun 19, 2014 at 3:58 PM, Asif Iqbal <vadud3 at gmail.com> wrote:

> I ended up patching manually. It's in github.com/asifiqbal/tac_plus
> ragzilla branch.
> On Jun 19, 2014 5:14 PM, "Daniel Schmidt" <daniel.schmidt at wyo.gov> wrote:
>
>> Arg.
>>
>> $ patch -p0 < pamenable.patch
>> patching file tacacs+-F4.0.4.27a/aceclnt_fn.c
>> Hunk #1 FAILED at 193.
>> 1 out of 1 hunk FAILED -- saving rejects to file
>> tacacs+-F4.0.4.27a/aceclnt_fn.c.rej
>> patching file tacacs+-F4.0.4.27a/config.c
>> Hunk #1 FAILED at 1220.
>> Hunk #2 FAILED at 1908.
>> 2 out of 2 hunks FAILED -- saving rejects to file
>> tacacs+-F4.0.4.27a/config.c.rej
>> patching file tacacs+-F4.0.4.27a/enable.c
>> Hunk #1 FAILED at 53.
>> 1 out of 1 hunk FAILED -- saving rejects to file
>> tacacs+-F4.0.4.27a/enable.c.rej
>> patching file tacacs+-F4.0.4.27a/pwlib.c
>> Hunk #2 succeeded at 592 with fuzz 1.
>> patching file tacacs+-F4.0.4.27a/tacacs.h
>> patch unexpectedly ends in middle of line
>> Hunk #1 FAILED at 482.
>> 1 out of 1 hunk FAILED -- saving rejects to file
>> tacacs+-F4.0.4.27a/tacacs.h.rej
>>
>>
>>
>> On Thu, Jun 19, 2014 at 10:40 AM, Asif Iqbal <vadud3 at gmail.com> wrote:
>>
>>>
>>> On Wed, Apr 16, 2014 at 10:54 AM, Daniel Schmidt <daniel.schmidt at wyo.gov> wrote:
>>>
>>>> I guess that would work if you wanted EVERY ad user to have access. Full
>>>> access, at that.
>>>>
>>>> If you priv_15 everybody, they shouldn't need an enable password. Doesn't
>>>> seem 2 work 4 the ASA though. Give everybody one generic enable password
>>>> maybe.
>>>>
>>>
>>> Or maybe include this patch that Matt Addison is referring to in the
>>> original code?
>>>
>>> https://gist.github.com/ragzilla/11297928
>>>
>>>>
>>>> On Wed, Apr 16, 2014 at 8:47 AM, Linda Slater <lslater at yorku.ca> wrote:
>>>>
>>>> > Couple questions:
>>>> >
>>>> > I am using PAM_LDAP to authenticate our users via AD. The additional
>>>> > requirements are now:
>>>> >
>>>> > 1. No usernames in the Tac+ config file; I will define only groups and use
>>>> > AD groupings to decide if that user can be allowed to access a network
>>>> > device. Does anyone have any examples using this method? Currently, I
>>>> > have the user name ...... login = PAM, listed in the tac...config file.
>>>> >
>>>> > 2. Each user that logs into the network device must use their AD
>>>> > password to gain enable access to the network device. Is anyone using
>>>> > this method to allow users enable access, given that the Tac+ enable
>>>> > password cannot be pointed to PAM? Each user will be using their own
>>>> > AD login credentials.
>>>> >
>>>> >
>>>> > Regards,
>>>> > Linda Slater | Senior Network Designer, Network Development | University
>>>> > Information Technology
>>>> > 010 Steacie Science and Engineering Library | York University | 4700 Keele
>>>> > St., Toronto ON Canada M3J 1P3
>>>> > T: +1.416.736.2100 ext 22733 | F: +1.416.736.5830 | lslater at yorku.ca |
>>>> > www.yorku.ca
>>>> >
>>>> > York UIT will NEVER send unsolicited requests for passwords or other
>>>> > personal information via email. Messages requesting such information are
>>>> > fraudulent and should be deleted.
>>>>
>>>>
>>>> E-Mail to and from me, in connection with the transaction
>>>> of public business, is subject to the Wyoming Public Records
>>>> Act and may be disclosed to third parties.
>>>>
>>>
>>>
>>>
>>> --
>>> Asif Iqbal
>>> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
>>> A: Because it messes up the order in which people normally read text.
>>> Q: Why is top-posting such a bad thing?
>>>
>>>

