[tac_plus] Re: after authorization

john heasley heas at shrubbery.net
Fri Oct 31 06:45:28 UTC 2008

Fri, Oct 31, 2008 at 02:55:43PM +1300, Ian Batterbee:
> Hi,
> I'm now trying (as suggested by previous posters) to use 'after
> authorization "external-process"' in order to provide arbitary AV values
> back to the client.
> The trouble is that while the config file parses okay, the external script
> never gets executed. I've tried "before authorization" as well, with the
> same results.
> user=test {
>    before authorization "/usr/local/tac/postauth $user"
> }
> Currently, the script writes to a log file in /tmp/, so that I can see if it
> runs, and the file is never touched.
> I've tried the latest version of tacacs+ from shrubbery.net, with the same
> results.
> Am I doing something fundamentally wrong here, or does it not work as the
> documentation suggests it should ?

the client has to use authorization.  also see the -d/debug options.

More information about the tac_plus mailing list