From daniel.schmidt at wyo.gov Tue Apr 5 21:51:19 2016
From: daniel.schmidt at wyo.gov (Daniel Schmidt)
Date: Tue, 5 Apr 2016 15:51:19 -0600
Subject: [tac_plus] msg: via tac pair?

Tue Apr 5 15:38:05 2016 [28116]: msg:
Tue Apr 5 15:38:05 2016 [28116]: Password will expire soon

Does tac_plus offer any other way to send a message/banner/yada to the
user? I don't see a way to do it with av pairs, which is too bad. (That
would be easy)

--
E-Mail to and from me, in connection with the transaction
of public business, is subject to the Wyoming Public Records
Act and may be disclosed to third parties.

From heas at shrubbery.net Wed Apr 6 17:13:34 2016
From: heas at shrubbery.net (heasley)
Date: Wed, 6 Apr 2016 17:13:34 +0000
Subject: [tac_plus] msg: via tac pair?
Message-ID: <20160406171334.GC32913@shrubbery.net>

Tue, Apr 05, 2016 at 03:51:19PM -0600, Daniel Schmidt:
> Tue Apr 5 15:38:05 2016 [28116]: msg:
> Tue Apr 5 15:38:05 2016 [28116]: Password will expire soon
>
> Does tac_plus offer any other way to send a message/banner/yada to the
> user? I don't see a way to do it with av pairs, which is too bad. (That
> would be easy)

it's possible to stick a server msg on the reply, but i have no idea if the
device will do anything with it - and, i do not know where this message
would come from. i suppose the message could come from PAM.
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/tac_plus

From daniel.schmidt at wyo.gov Wed Apr 6 21:59:18 2016
From: daniel.schmidt at wyo.gov (Daniel Schmidt)
Date: Wed, 6 Apr 2016 15:59:18 -0600
Subject: [tac_plus] msg: via tac pair?
In-Reply-To: <20160406171334.GC32913@shrubbery.net>
References: <20160406171334.GC32913@shrubbery.net>

That password expiration message gets sent to the Cisco and it displays it
to the user. Not sure how. Oh well, just curious really.

From heas at shrubbery.net Thu Apr 7 12:31:19 2016
From: heas at shrubbery.net (heasley)
Date: Thu, 7 Apr 2016 12:31:19 +0000
Subject: [tac_plus] msg: via tac pair?
References: <20160406171334.GC32913@shrubbery.net>
Message-ID: <20160407123119.GB61620@shrubbery.net>

Wed, Apr 06, 2016 at 03:59:18PM -0600, Daniel Schmidt:
> That password expiration message gets sent to the Cisco and it displays it
> to the user. Not sure how. Oh well, just curious really.

didn't occur to me that it might do that:

pwlib.c:    data->server_msg = tac_strdup("Password will expire soon");

so, it does put it in the server msg field of the reply.

From elaine.doyle at salesforce.com Tue Apr 26 11:52:19 2016
From: elaine.doyle at salesforce.com (Elaine Doyle)
Date: Tue, 26 Apr 2016 12:52:19 +0100
Subject: [tac_plus] New suggestion for tac_plus on Linux

Hi folks.

Wondering how I can go about recommending/providing an inclusion for log
rotation in tac_plus build for Linux

% rpm -qa | grep tacacs
tacacs+-F4.0.4.26-1.el6.x86_64

If file "/etc/logrotate.d/tac_plus" is added to the RPM this will mean the
tac_plus.log gets setup to be rotated automatically & can easily be
controlled within /etc/logrotate.d/logrotate.conf by the administrator if
required.

[11:37]:ls -lh /var/log/tac*
-rw-r--r-- 1 root root 34153358204 Apr 17 03:31 /var/log/tac_plus.log-20160417
-rw-r--r-- 1 root root 2715867172 Apr 24 03:16 /var/log/tac_plus.log-20160424

Create file:
/etc/logrotate.d/tac_plus

Add:
/var/log/tac_plus.log
/var/log/tac_plus.acct {
    rotate 4
    weekly
    compress
    missingok
    notifempty
    postrotate
        /etc/init.d/tacplus force-reload > /dev/null
    endscript
}

Pre-req for operation: CRON.DAILY

% cat /etc/cron.daily/logrotate

Regards
Elaine Doyle

--
Elaine Doyle
Lead Infrastructure Security Engineer: syssec at salesforce.com / krb-admin at salesforce.com
Address: Level 1, Block A, The Atrium, Sandyford Business Park, Dublin 18, Ireland
Phone: +353 1 5335025, +353 86 8321417 email: elaine.doyle at salesforce.com YIM: edoyle_sfdc
"I saw the crescent, but you saw the whole of the moon"

From heas at shrubbery.net Thu Apr 28 08:56:48 2016
From: heas at shrubbery.net (heasley)
Date: Thu, 28 Apr 2016 08:56:48 +0000
Subject: [tac_plus] New suggestion for tac_plus on Linux
Message-ID: <20160428085648.GG2363@shrubbery.net>

Tue, Apr 26, 2016 at 12:52:19PM +0100, Elaine Doyle:
> Hi folks.
>
> Wondering how I can go about recommending/providing an inclusion for log
> rotation in tac_plus build for Linux
> % rpm -qa | grep tacacs
> tacacs+-F4.0.4.26-1.el6.x86_64
>
> If file "/etc/logrotate.d/tac_plus" is added to the RPM this will mean the
> tac_plus.log gets setup to be rotated automatically & can easily be

we do not supply the init.d script or the RPM. I suggest a ticket with
your linux distribution.

From elaine.doyle at salesforce.com Thu Apr 28 09:02:46 2016
From: elaine.doyle at salesforce.com (Elaine Doyle)
Date: Thu, 28 Apr 2016 10:02:46 +0100
Subject: [tac_plus] New suggestion for tac_plus on Linux
In-Reply-To: <20160428085648.GG2363@shrubbery.net>
References: <20160428085648.GG2363@shrubbery.net>

I'm not suggesting the addition of an init.d script.

I'm suggesting the addition of this

File:
/etc/logrotate.d/tac_plus

with contents:
/var/log/tac_plus.log
/var/log/tac_plus.acct {
    rotate 4
    weekly
    compress
    missingok
    notifempty
    postrotate
        /dev/null
    endscript

From heas at shrubbery.net Fri Apr 29 12:02:02 2016
From: heas at shrubbery.net (Heasley)
Date: Fri, 29 Apr 2016 14:02:02 +0200
Subject: [tac_plus] New suggestion for tac_plus on Linux
References: <20160428085648.GG2363@shrubbery.net>
Message-ID: <784F9134-C474-4398-96C9-9D45EE7C07A3@shrubbery.net>

On 28.04.2016 at 11:02, Elaine Doyle wrote:
> I'm not suggesting the addition of an init.d script.

We do not create the rpms. I believe that the rpm info shows the party who is responsible.

> I'm suggesting the addition of this
>
> File:
> /etc/logrotate.d/tac_plus
>
> with contents:
> /var/log/tac_plus.log
> /var/log/tac_plus.acct {
> rotate 4
> weekly
> compress
> missingok
> notifempty
> postrotate
> /dev/null
> endscript
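
An added illustration for the "msg: via tac pair?" thread above (not tac_plus code and not written by any poster): the server msg field heasley mentions sits in the authentication REPLY body, laid out as in RFC 8907 section 5.3. The names parse_authen_reply and struct authen_reply and the sample bytes are constructed for this example, which assumes the body has already been de-obfuscated.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Authentication REPLY body (RFC 8907 section 5.3), i.e. what remains after
 * the 12-byte TACACS+ header is removed and the body is de-obfuscated:
 *   status(1) flags(1) server_msg_len(2, big-endian) data_len(2, big-endian)
 *   server_msg[server_msg_len] data[data_len]                              */
#define AUTHEN_REPLY_FIXED 6
struct authen_reply {            /* hypothetical type for this example */
    uint8_t status, flags;
    const uint8_t *server_msg;   /* points into the caller's buffer */
    uint16_t server_msg_len;
    const uint8_t *data;
    uint16_t data_len;
};

/* Returns 0 on success, -1 if the declared lengths do not match the body. */
int parse_authen_reply(const uint8_t *body, size_t len, struct authen_reply *out)
{
    if (body == NULL || out == NULL || len < AUTHEN_REPLY_FIXED)
        return -1;
    out->status = body[0];
    out->flags = body[1];
    out->server_msg_len = (uint16_t)((body[2] << 8) | body[3]);
    out->data_len = (uint16_t)((body[4] << 8) | body[5]);
    /* Both lengths are supplied by the peer: check them against what arrived. */
    if ((size_t)out->server_msg_len + out->data_len != len - AUTHEN_REPLY_FIXED)
        return -1;
    out->server_msg = body + AUTHEN_REPLY_FIXED;
    out->data = out->server_msg + out->server_msg_len;
    return 0;
}

/* Constructed sample: status PASS (0x01), flags 0, 25-byte server_msg, no data. */
static const uint8_t sample_reply[] = {
    0x01, 0x00, 0x00, 0x19, 0x00, 0x00,
    'P','a','s','s','w','o','r','d',' ','w','i','l','l',' ',
    'e','x','p','i','r','e',' ','s','o','o','n'
};

int main(void)
{
    struct authen_reply r;
    if (parse_authen_reply(sample_reply, sizeof sample_reply, &r) != 0)
        return 1;
    printf("status=%u server_msg=\"%.*s\"\n", (unsigned)r.status,
           (int)r.server_msg_len, (const char *)r.server_msg);
    return 0;
}
```

The server_msg bytes are not NUL-terminated on the wire, so the length field, once validated, is the only safe bound when displaying or logging the text.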