Yes you can do all this Eric...
First, download the following...
tac_plus.F4.0.4.alpha+acl+libwrap.tar.gz you can get this from
http://www.shrubbery.net/tac_plus
This has a few necessary features already set in the Makefile (acl
support, tcp wrappers support,...)
Then you need to add this...
<excerpt from tacplus-l>
If you mean you want it to use the shadow library (use both password and
shadow in conjunction), then you have to compile tac_plus with
SHADOW_PASSWORDS enabled; look in tac_plus.h and put a
#define SHADOW_PASSWORDS
inside the #ifdef LINUX section and then compile tac_plus with make.
If you want to make tac_plus read ONLY the /etc/shadow file, it will not
work, because the /etc/shadow file has more than 6 colons in each entry,
and you shouldn't change the structure of your shadow file (?). Tac_plus
without SHADOW_PASSWORDS support is in fact expecting the old-style
password file format that contained encrypted passwords (6 colons
only). Also note, tac_plus can't read the system /etc/shadow file
directly unless it is run as root.
</excerpt from tacplus-l>
Then compile the little bugger and you should be smokin...
Hope that helps...
On Jan 31, 2001 Eric Chan reported:
> I know, but I have enabled the debug mode on my router; the AV attributes
> sent to TACACS are only
> service, username, and command input, but not IP address
>
>
> ----- Original Message -----
> From: "Roy" <garlic@garlic.com>
> To: "Eric Chan" <bigeric@hknet.com>
> Cc: <cisco-nsp@puck.nether.net>
> Sent: Wednesday, January 31, 2001 3:49 PM
> Subject: Re: [nsp] enquiry on tacas
>
>
> >
> > I know you can do it with radius. You use the IP address that is requesting
> > the authentication as part of the check items in determining to authenticate
> > and what parameters to send back
-- Rich Sena - ras@thick.net ThickNET Consulting "On the way to understanding; you understand, and forget."
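
Added example (not part of the original message and not tac_plus code): a small C check for the point made in the quoted excerpt, that a parser expecting the old passwd layout wants 6 colons per entry while /etc/shadow entries carry 8, and that a passwd entry whose password field is only a placeholder has no hash to compare against. The function and enum names and the sample lines are constructed for illustration; the field counts are those of passwd(5) and shadow(5).

```c
#include <stdio.h>
#include <string.h>

/* passwd(5): 7 fields, 6 colons.  shadow(5): 9 fields, 8 colons. */
enum entry_kind { ENTRY_PASSWD_WITH_HASH, ENTRY_PASSWD_NO_HASH,
                  ENTRY_SHADOW, ENTRY_MALFORMED };

static int count_colons(const char *s)
{
    int n = 0;
    for (; *s; s++)
        if (*s == ':')
            n++;
    return n;
}

/* Classify one line as a parser expecting the old passwd layout would see it. */
enum entry_kind classify_entry(const char *line)
{
    int colons = count_colons(line);
    if (colons == 8)
        return ENTRY_SHADOW;      /* too many fields for a passwd-format parser */
    if (colons != 6)
        return ENTRY_MALFORMED;

    const char *pw = strchr(line, ':') + 1;       /* start of field 2 */
    size_t len = (size_t)(strchr(pw, ':') - pw);  /* length of field 2 */
    /* "x", "*", "!" or empty: field 2 holds no hash to check a login against. */
    if (len == 0 || (len == 1 && strchr("x*!", pw[0]) != NULL))
        return ENTRY_PASSWD_NO_HASH;
    return ENTRY_PASSWD_WITH_HASH;
}

int main(void)
{
    /* Constructed sample lines; CONSTRUCTEDHASH stands in for a crypt() hash. */
    const char *samples[] = {
        "alice:CONSTRUCTEDHASH:1001:1001:Alice:/home/alice:/bin/sh",
        "bob:x:1002:1002:Bob:/home/bob:/bin/sh",
        "bob:CONSTRUCTEDHASH:11353:0:99999:7:::",
        "not an entry",
    };
    const char *names[] = { "passwd entry with hash", "passwd entry, no hash",
                            "shadow entry", "malformed" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-24s <- %s\n", names[classify_entry(samples[i])], samples[i]);
    return 0;
}
```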