[tac_plus] (no subject)
heasley
heas at shrubbery.net
Mon Dec 19 20:09:39 UTC 2016
Tue, Dec 13, 2016 at 11:13:56AM -0700, Philip Prindeville:
> If anyone is interested, there were some bugs that impeded single connection mode from working.
>
> This commit fixes that:
>
> https://github.com/pprindeville/tac_plus/commit/b71502fac3ee593468c87bd4253eac423fc6ed70
>
> The main problems were that we were checking for the seq_no for being 1 during authentication or authorization requests; and we were resetting the session sequence number each time through start_session()’s loop. The latter should only have happened at the top of the loop.
>
> The only verification needed is that the received header’s seq_no needs to match that of the session.
>
> The changes are trivial.
my recollection is that cisco ios and ios-xr both do not perform
single-connection tacacs properly. and, when I tried to engage DEs to
fix the problem, they were not interested in touching it.
More information about the tac_plus
mailing list