diff options
author | Masafumi Max NAKANE <max@FreeBSD.org> | 1997-09-17 04:51:47 +0000 |
---|---|---|
committer | Masafumi Max NAKANE <max@FreeBSD.org> | 1997-09-17 04:51:47 +0000 |
commit | 12da0f136383c99bfb84ec7d401fc9d5be5aaef1 (patch) | |
tree | d0a88b4850a31815ae1b491a318e227859339198 | |
parent | 9294836028be9f8f7d95ecb8f7699d192805f497 (diff) | |
download | ports-12da0f136383c99bfb84ec7d401fc9d5be5aaef1.tar.gz ports-12da0f136383c99bfb84ec7d401fc9d5be5aaef1.zip |
Notes
-rw-r--r-- | net/tac_plus4/Makefile | 18 | ||||
-rw-r--r-- | net/tac_plus4/files/extra-patch-ba | 69 | ||||
-rw-r--r-- | net/tac_plus4/files/tac_plus.conf.example | 76 | ||||
-rw-r--r-- | net/tac_plus4/pkg-comment | 2 | ||||
-rw-r--r-- | net/tac_plus4/pkg-descr | 11 | ||||
-rw-r--r-- | net/tac_plus4/pkg-plist | 2 |
6 files changed, 166 insertions, 12 deletions
diff --git a/net/tac_plus4/Makefile b/net/tac_plus4/Makefile index ecb051ca9631..8031028b52f5 100644 --- a/net/tac_plus4/Makefile +++ b/net/tac_plus4/Makefile @@ -17,18 +17,23 @@ MAINTAINER= igor@zynaps.ru EXTRACT_BEFORE_ARGS= -C ${WRKDIR} -xf ALL_TARGET= tac_plus MAN8= tac_plus.8 +EXTRA_PATCH= patch-ba -post-patch: - @${MV} -f ${WRKSRC}/tac_plus.1 ${WRKSRC}/tac_plus.8 +# To change the text displayed when users are prompted to enter +# a username, set appropriately TAC_CHANGE_PROMPT variable. +.if defined(TAC_CHANGE_PROMPT) && ${TAC_CHANGE_PROMPT} == YES +pre-patch: + @${CP} ${FILESDIR}/${EXTRA_PATCH} ${PATCHDIR} +.endif do-install: ${INSTALL_PROGRAM} ${WRKSRC}/tac_plus ${PREFIX}/sbin - ${INSTALL_MAN} ${WRKSRC}/tac_plus.8 ${PREFIX}/man/man8 - ${INSTALL_DATA} ${FILESDIR}/tacacs.conf.example ${PREFIX}/etc/ + ${INSTALL_MAN} ${WRKSRC}/tac_plus.1 ${PREFIX}/man/man8/tac_plus.8 + ${INSTALL_DATA} ${FILESDIR}/tac_plus.conf.example ${PREFIX}/etc/ @if [ ! -f ${PREFIX}/etc/rc.d/tac_plus.sh ]; then \ ${ECHO} "Installing ${PREFIX}/etc/rc.d/tac_plus.sh startup file."; \ echo "#!/bin/sh" > ${PREFIX}/etc/rc.d/tac_plus.sh; \ - echo "[ -x ${PREFIX}/sbin/tac_plus -a -f ${PREFIX}/etc/tac_plus.conf ] && ${PREFIX}/sbin/tac_plus -C ${PREFIX}/etc/tacacs.conf && echo -n ' tac_plus'" >> ${PREFIX}/etc/rc.d/tac_plus.sh; \ + echo "[ -x ${PREFIX}/sbin/tac_plus -a -f ${PREFIX}/etc/tac_plus.conf ] && ${PREFIX}/sbin/tac_plus -C ${PREFIX}/etc/tac_plus.conf && echo -n ' tac_plus'" >> ${PREFIX}/etc/rc.d/tac_plus.sh; \ chmod 751 ${PREFIX}/etc/rc.d/tac_plus.sh; \ fi .if !defined(NOPORTDOCS) @@ -36,4 +41,7 @@ do-install: ${INSTALL_DATA} ${WRKSRC}/users_guide ${PREFIX}/share/doc/tac_plus .endif +pre-clean: + @${RM} -f ${PATCHDIR}/${EXTRA_PATCH} + .include <bsd.port.mk> diff --git a/net/tac_plus4/files/extra-patch-ba b/net/tac_plus4/files/extra-patch-ba new file mode 100644 index 000000000000..9cb5ff36426d --- /dev/null +++ b/net/tac_plus4/files/extra-patch-ba @@ -0,0 +1,69 @@ +*** authen.c.orig Sat Jul 29 02:49:15 1995 +--- authen.c Wed Jul 16 15:00:40 1997 +*************** +*** 209,217 **** + + datap->status = TAC_PLUS_AUTHEN_STATUS_GETUSER; + if (datap->service == TAC_PLUS_AUTHEN_SVC_LOGIN) { +! prompt = "\nUser Access Verification\n\nUsername: "; + } else { +! prompt = "Username: "; + } + send_authen_reply(TAC_PLUS_AUTHEN_STATUS_GETUSER, /* status */ + prompt, /* msg */ +--- 209,217 ---- + + datap->status = TAC_PLUS_AUTHEN_STATUS_GETUSER; + if (datap->service == TAC_PLUS_AUTHEN_SVC_LOGIN) { +! prompt = "\nUser Access Verification\n\nlogin: "; + } else { +! prompt = "login: "; + } + send_authen_reply(TAC_PLUS_AUTHEN_STATUS_GETUSER, /* status */ + prompt, /* msg */ +*** default_fn.c.orig Sat Jul 29 02:49:18 1995 +--- default_fn.c Wed Jul 16 15:00:52 1997 +*************** +*** 76,84 **** + /* No username. Try requesting one */ + data->status = TAC_PLUS_AUTHEN_STATUS_GETUSER; + if (data->service == TAC_PLUS_AUTHEN_SVC_LOGIN) { +! prompt = "\nUser Access Verification\n\nUsername: "; + } else { +! prompt = "Username: "; + } + data->server_msg = tac_strdup(prompt); + p->state = STATE_AUTHEN_GETUSER; +--- 76,84 ---- + /* No username. Try requesting one */ + data->status = TAC_PLUS_AUTHEN_STATUS_GETUSER; + if (data->service == TAC_PLUS_AUTHEN_SVC_LOGIN) { +! prompt = "\nUser Access Verification\n\nlogin: "; + } else { +! prompt = "login: "; + } + data->server_msg = tac_strdup(prompt); + p->state = STATE_AUTHEN_GETUSER; +*** skey_fn.c.orig Wed Jul 16 14:38:34 1997 +--- skey_fn.c Wed Jul 16 15:01:01 1997 +*************** +*** 104,112 **** + /* No username. Try requesting one */ + data->status = TAC_PLUS_AUTHEN_STATUS_GETUSER; + if (data->service == TAC_PLUS_AUTHEN_SVC_LOGIN) { +! prompt = "\nUser Access Verification\n\nUsername: "; + } else { +! prompt = "Username: "; + } + data->server_msg = tac_strdup(prompt); + p->state = STATE_AUTHEN_GETUSER; +--- 104,112 ---- + /* No username. Try requesting one */ + data->status = TAC_PLUS_AUTHEN_STATUS_GETUSER; + if (data->service == TAC_PLUS_AUTHEN_SVC_LOGIN) { +! prompt = "\nUser Access Verification\n\nlogin: "; + } else { +! prompt = "login: "; + } + data->server_msg = tac_strdup(prompt); + p->state = STATE_AUTHEN_GETUSER; diff --git a/net/tac_plus4/files/tac_plus.conf.example b/net/tac_plus4/files/tac_plus.conf.example new file mode 100644 index 000000000000..0d7b273210a6 --- /dev/null +++ b/net/tac_plus4/files/tac_plus.conf.example @@ -0,0 +1,76 @@ +# /usr/local/etc/tac_plus.conf + +user=fred { + name = "Fred Flintstone" + login = des mEX027bHtzTlQ + + # Remember that authorization is also recursive over groups, in + # the same way that password lookups are recursive. Thus, if you + # place a user in a group, the daemon will look in the group for + # authorization parameters if it cannot find them in the user + # declaration. + member = admin + + expires = "May 23 2005" + + service = exec { + # When Fred starts an exec, his connection access list is 5 + acl = 5 + + # We require this autocmd to be done at startup + autocmd = "telnet foo" + } + + # All commands except telnet 131.108.13.* are denied for Fred + cmd = telnet { + # Fred can run the following telnet command + permit 131\.108\.13\.[0-9]+ + + deny .* + } + + service = ppp protocol = ip { + # Fred can run ip over ppp only if he uses one + # of the following mandatory addresses If he supplies no + # address, the first one here will be mandated + addr=131.108.12.11 + addr=131.108.12.12 + addr=131.108.12.13 + addr=131.108.12.14 + + # Fred's mandatory input access list number is 101 + inacl=101 + + # We will suggest an output access list of 102, but Fred may + # choose to ignore or override it + optional outacl=102 + } + + service = slip { + # Fred can run slip. When he does, he will have to use + # these mandatory access lists + inacl=101 + outacl=102 + } + + # set a timeout in the lcp layer of ppp + service = ppp protocol = lcp { + timeout = 10 + } +} + +user = wilma { + # Wilma has no password of her own, but she's a group member so + # she'll use the group password if there is one. Same for her + # password expiry date + member = admin +} + +group = admin { + # group members who don't have their own password will be looked + # up in /etc/passwd + login = file /etc/passwd + + # group members who have no expiry date set will use this one + expires = "Jan 1 1998" +} diff --git a/net/tac_plus4/pkg-comment b/net/tac_plus4/pkg-comment index b7f8aec88b4e..b7c8d4530c34 100644 --- a/net/tac_plus4/pkg-comment +++ b/net/tac_plus4/pkg-comment @@ -1 +1 @@ -a remote authentication/authorization/accounting server +A remote authentication/authorization/accounting server. diff --git a/net/tac_plus4/pkg-descr b/net/tac_plus4/pkg-descr index e82d355ed9f1..c0db6131ed2e 100644 --- a/net/tac_plus4/pkg-descr +++ b/net/tac_plus4/pkg-descr @@ -1,8 +1,9 @@ -tac_plus provides Cisco systems routers and access servers -with authentication, authorisation and accounting services. - -A configuration file controls the details of authentication, -authorisation and accounting. +tacacs+ services network requests for authentication +and authorization, verifies identities, grants or denies +authorizations, and logs accounting records. + +Details are described at: +http://www.cisco.com/warp/public/146/187.html -- Igor igor@zynaps.ru diff --git a/net/tac_plus4/pkg-plist b/net/tac_plus4/pkg-plist index 0c3a00efa67d..631a77599691 100644 --- a/net/tac_plus4/pkg-plist +++ b/net/tac_plus4/pkg-plist @@ -1,6 +1,6 @@ sbin/tac_plus etc/rc.d/tac_plus.sh -etc/tacacs.conf.example +etc/tac_plus.conf.example man/man8/tac_plus.8.gz share/doc/tac_plus/users_guide @dirrm share/doc/tac_plus |