* Added libpam-runtime support for debian * Added use_first_pass and try_first_pass option, thanks to Luc Ducazu <email@example.com> * Changed e-mail adres to firstname.lastname@example.org * Improved accounting, added cmd attribute for command logging * Added tac_acct_flag2str() * Renamed tac_account_read, tac_account_send to tac_acct_read and tac_acct_send * pam_tacplus.spec.in: fixed static library path and pam_tacplus.so location * Debian packaging improvements
* This version will be dedicated to Darren Besler, thank you for your major contribution! * libtac version is now 1.7.1 * magic.c: magic_inited is only used for linux * Finally got rid of all goto illness! * Changed tabsize to 4 * Fixed missing xalloc.h in authen_s.c * Get PAM_RHOST from PAM stack and use it as rem_addr * Added _pam_get_rhost() and _pam_get_user() * A long list of things done by Darren Besler... * A list of bugs fixed by Darren Besler... * And other things done by Darren Besler... 1.3.4 * removed encrypt option just check if there is a secret (key). * removed first_hit option because you can get the same behaviour by using only one server. * added multiple secret support. * connect.c: improved connection error handling by using getpeername() to check if connection is still valid. * properly handle multiple servers when authenticating. 1.3.3 * pam_tacplus.h: changed bitflags to hex. * Added gitignore for build stuff. * connect.c: removed ifdef for sys/socket.h, it will be included anyway for other platforms. * connect.c: improved connection error handling. 1.3.2 * Added autotool configuration files. * Added pam_tacplus.spec file. * Added license information to all files and the license itself. * All AV pairs are now available to the PAM environment. * Rewritten attribute loop in function pam_sm_acct_mgmt() for debug and future use of AV pairs. * Fixed attribute buffer in author_r.c. 1.3.1 * Added custom password prompt option. * Removed password logging when in debug mode. 1.3.0 * Released version 1.3.0 based on 1.2.13. This release finally includes support for TACACS+ chap and login authentication. The default is still pap for backward compatibility. 1.2.13 * Changed spaces into tabs for pam_tacplus.c so make it more readable. * Did some minor cleanup. * Added login option so you can choose which TACACS+ authentication you want to use. You can use pap, chap or login (ascii) at the moment. The default login option is pap. * Added cont_s.c needed for TACACS+ login authentication. 1.2.12 * Missing network byte order convertion to host byte order in function's tac_account_read, tac_authen_pap_read and tac_author_read. * Fixed potential memory leak.
This PAM module support authentication, authorization (account management) and accounting (session management) performed using TACACS+ protocol designed by Cisco.