[tac_plus] Group access enable - possible bug
Schmidt, Daniel
DSchmi at wyo.gov
Thu Mar 3 17:44:41 UTC 2011
If a member explicitly put in a group, file enable password works. However, if that user a member of that group via user = DEFAULT, it does not work. As you can see from the debug, it checks do_auth_access, but does not return a value. Finding the specific user however, makes it suddenly work. This should not be so - the recurse group is the same for both. Comments?
Tue Mar 1 15:18:05 2011 [27114]: cfg_get_value: name=dans isuser=1 attr=enableacl rec=1
Tue Mar 1 15:18:05 2011 [27114]: cfg_get_value: recurse group = do_auth_access
Tue Mar 1 15:18:05 2011 [27114]: cfg_get_pvalue: returns NULL
Tue Mar 1 15:18:05 2011 [27114]: cfg_get_value: name=dans isuser=1 attr=enable rec=1
Tue Mar 1 15:18:05 2011 [27114]: cfg_get_value: recurse group = do_auth_access
Tue Mar 1 15:18:05 2011 [27114]: cfg_get_pvalue: returns file /etc/passwd
Tue Mar 1 15:18:05 2011 [27114]: cfg_get_value: name=dans isuser=1 attr=expires rec=1
Tue Mar 1 15:18:05 2011 [27114]: cfg_get_value: recurse group = do_auth_access
Tue Mar 1 15:18:05 2011 [27114]: cfg_get_pvalue: returns NULL
Tue Mar 1 15:18:05 2011 [27114]: enable query for 'dans' tty322 from 159.238.233.20 accepted
Defined user: (Should not be required)
user = dans {
member = do_auth_access
}
Default user:
user = DEFAULT {
member = do_auth_access
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20110303/2b6cbd60/attachment.html>
More information about the tac_plus
mailing list