[tac_plus] Re: after authorization
john heasley
heas at shrubbery.net
Fri Oct 31 06:45:28 UTC 2008
Fri, Oct 31, 2008 at 02:55:43PM +1300, Ian Batterbee:
> Hi,
>
> I'm now trying (as suggested by previous posters) to use 'after
> authorization "external-process"' in order to provide arbitary AV values
> back to the client.
>
> The trouble is that while the config file parses okay, the external script
> never gets executed. I've tried "before authorization" as well, with the
> same results.
>
> user=test {
> before authorization "/usr/local/tac/postauth $user"
> }
>
> Currently, the script writes to a log file in /tmp/, so that I can see if it
> runs, and the file is never touched.
>
> I've tried the latest version of tacacs+ from shrubbery.net, with the same
> results.
>
> Am I doing something fundamentally wrong here, or does it not work as the
> documentation suggests it should ?
the client has to use authorization. also see the -d/debug options.
More information about the tac_plus
mailing list