xtacacsd.zip / README (1999-05-22)
extended TACACS capability for accounting and auditing.
New commands (per system)
tacacs extended

tacacs notify connect|slip|enable|logout
    Notify causes a message to be transmitted to the tacacs server,
    with retransmission being performed by a background process for
    up to 5 minutes. However, the user gets the equivalent of an
    immediate "accepted" response: the action proceeds whether or not
    the server ever receives the notification.

tacacs authenticate connect|slip|enable
    Authenticate requires a response from the server indicating
    whether the user may perform the indicated action.
New packet format:

    uchar  version;     /* version of protocol 0x80 */
    uchar  type;        /* Type of query/response */
                            XTA_LOGIN     1
                            XTA_ANSWER    2
                            XTA_CHANGE    3
                            XTA_FOLLOW    4
                            XTA_CONNECT   5
                            XTA_ENABLE    6
                            XTA_LOGOUT    7
                            XTA_RELOAD    8
                            XTA_SLIPON    9
                            XTA_SLIPOFF  10
                            XTA_SLIPADDR 11
    ushort trans;       /* unique ID to associate query w/ reply */
    uchar  namelen;     /* length of name */
    uchar  pwlen;       /* length of password */
    uchar  response;    /* response code */
                            XTA_A_ACCEPTED 1
                            XTA_A_REJECTED 2
    uchar  reason;      /* reason for response or query */
                            XTA_A_NONE     0
                            XTA_A_EXPIRING 1
                            XTA_A_PASSWORD 2
                            XTA_A_DENIED   3
                            /*
                             * The following are reasons for "logout" and "slipoff"
                             */
                            XTA_R_QUIT     4   /* user quit normally */
                            XTA_R_IDLE     5   /* idle timeout */
                            XTA_R_DROP     6   /* carrier dropped */
                            XTA_R_BAD      7   /* too many bad passwords */
    ushort accesslist;  /* access list for user returned at login */
    ulong  flags;       /* misc flags */
    ulong  uuid;        /* user id code assigned. */
    ushort lport;       /* local line number */
    ulong  dhost;       /* destination host */
    ushort dport;       /* destination port */
                        /* user name, namelen bytes */
                        /* password, pwlen bytes */
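The following is an added example, not code from the xtacacsd distribution, that encodes and decodes the packet laid out above and builds the XTA_ANSWER a server would return to an XTA_LOGIN. The README gives the field order but not the byte order or padding, so the example assumes network byte order with no padding between fields (the real daemon relied on whatever struct layout its C compiler produced); it also assumes dhost carries an IPv4 address. Function names, the XtaError class and the sample values (alice, s3cret, 10.0.0.5) are the example's own. The decoder bounds the peer-supplied namelen and pwlen against the datagram length before slicing, which is the check a server parsing this format needs.

```python
import socket
import struct

# Added example, not part of xtacacsd: codec for the extended TACACS packet
# described in the README.  Assumptions are marked; the README does not
# state byte order or padding.

XTA_VERSION = 0x80

# Packet types, in README order
(XTA_LOGIN, XTA_ANSWER, XTA_CHANGE, XTA_FOLLOW, XTA_CONNECT, XTA_ENABLE,
 XTA_LOGOUT, XTA_RELOAD, XTA_SLIPON, XTA_SLIPOFF, XTA_SLIPADDR) = range(1, 12)

# Response codes and reasons
XTA_A_ACCEPTED, XTA_A_REJECTED = 1, 2
XTA_A_NONE, XTA_A_EXPIRING, XTA_A_PASSWORD, XTA_A_DENIED = 0, 1, 2, 3
XTA_R_QUIT, XTA_R_IDLE, XTA_R_DROP, XTA_R_BAD = 4, 5, 6, 7

# Fixed header in README field order.  ASSUMPTION: network byte order and no
# padding between fields.  Check a capture before using this against a live
# server; the real daemon used its compiler's C struct layout.
HEADER = struct.Struct("!BBHBBBBHIIHIH")
FIELDS = ("version", "type", "trans", "namelen", "pwlen", "response",
          "reason", "accesslist", "flags", "uuid", "lport", "dhost", "dport")


class XtaError(ValueError):
    """Malformed or unexpected XTACACS datagram (example's own exception)."""


def ip_to_ulong(dotted):
    """ASSUMPTION: dhost carries the IPv4 address in network byte order."""
    return struct.unpack("!I", socket.inet_aton(dotted))[0]


def encode(type_, trans, name=b"", password=b"", response=0, reason=0,
           accesslist=0, flags=0, uuid=0, lport=0, dhost=0, dport=0):
    """Fixed header followed by the raw name and password bytes."""
    if len(name) > 255 or len(password) > 255:
        raise XtaError("namelen/pwlen are uchar; name or password too long")
    header = HEADER.pack(XTA_VERSION, type_, trans, len(name), len(password),
                         response, reason, accesslist, flags, uuid, lport,
                         dhost, dport)
    return header + name + password


def decode(buf):
    """Parse a datagram into a dict without trusting namelen/pwlen blindly."""
    if len(buf) < HEADER.size:
        raise XtaError("datagram shorter than the fixed header")
    pkt = dict(zip(FIELDS, HEADER.unpack_from(buf)))
    if pkt["version"] != XTA_VERSION:
        raise XtaError("unexpected version byte 0x%02x" % pkt["version"])
    # The length bytes come from the peer: bound them by the datagram length
    # before slicing instead of reading whatever happens to follow.
    name_end = HEADER.size + pkt["namelen"]
    pw_end = name_end + pkt["pwlen"]
    if pw_end > len(buf):
        raise XtaError("namelen+pwlen run past the end of the datagram")
    pkt["name"] = buf[HEADER.size:name_end]
    pkt["password"] = buf[name_end:pw_end]
    pkt["trailing"] = len(buf) - pw_end   # bytes after the password, if any
    return pkt


def is_wellformed(buf):
    try:
        decode(buf)
        return True
    except XtaError:
        return False


def answer(query, accepted, reason=XTA_A_NONE, accesslist=0, uuid=0):
    """Server side: an XTA_ANSWER echoing the query's trans so the client can match it."""
    return encode(XTA_ANSWER, query["trans"],
                  response=XTA_A_ACCEPTED if accepted else XTA_A_REJECTED,
                  reason=reason, accesslist=accesslist, uuid=uuid,
                  lport=query["lport"])


if __name__ == "__main__":
    # Constructed sample values: client asks to log in on line 3
    login = encode(XTA_LOGIN, 0x1234, b"alice", b"s3cret", lport=3)
    q = decode(login)
    print("query  :", q["type"], q["name"], q["password"])
    # Server accepts, handing back access list 101 and uuid 1000
    reply = decode(answer(q, True, accesslist=101, uuid=1000))
    print("answer :", reply["response"], reply["accesslist"], reply["uuid"])
    # Accounting notification for a connect to 10.0.0.5:23
    conn = decode(encode(XTA_CONNECT, 0x1235, b"alice", uuid=1000, lport=3,
                         dhost=ip_to_ulong("10.0.0.5"), dport=23))
    print("connect:", socket.inet_ntoa(struct.pack("!I", conn["dhost"])), conn["dport"])
    # A truncated datagram is rejected rather than over-read
    print("truncated well-formed?", is_wellformed(login[:-2]))
```

Note that the name and password travel after the header as raw bytes, exactly as the format above lays them out; anything on the path between the terminal server and xtacacsd can read them.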
new xtacacsd.c documentation:
    xtacacsd [-s] [-d] [-l] [-f/etc/tacpasswd] [-w/var/log/tacacs.wtmp]

    -s  standalone mode - the server runs continuously.
        Recommended for extended use.
    -d  Debugging.
    -l  Log events to syslog, facility local6. All events are logged:
            system reload from server
            xlogin from server ttyNN for user(gcos) accepted|rejected
            xconnect from server ttyNN for user(uuid) to host:port
            xlogout from server ttyNN for user(uuid) reason
            xslipon from server SLIPNN for user(uuid) address slipaddress
            xslipoff from server SLIPNN for user(uuid) address slipaddress
            slipaddress from server ttyNN for host(gcos) accepted|rejected
    -w<wtmpfile>  log on/off events in a wtmp format file.
        In theory, this makes it possible to keep track of per-user
        connect times and print them using the "ac" unix utility.
        Events logged:
            - System reload: "~" in name field, servername in host field
            - Login / Logout: username, "TTYnn", slipaddress
            - SlipOn / SlipOff: username, "SLIPnn", slipaddress
        If a user logs in and issues a SLIP command, the following
        sequence should appear in the wtmp file:
            login    TTYnn   username   servername
            (time passes)
            slipon   SLIPnn  username   slipname
            logout   TTYnn   username   servername
            (time passes)
            slipoff  SLIPnn  username   slipname
        A potential problem exists: data for all servers is stored
        in the same wtmp file, the servers being distinguished only by
        the ut_host field of the wtmp entries. The "ac" program may
        not look at this field when matching login and logout entries.
        Thus having the same user logged in on more than one terminal
        server at the same time may produce invalid final reports.
    -f<passwd-file>  file from which to read password information. If not
        given, /etc/passwd is used and the following features are not used:
            - The user id is used as the uuid.
            - The group ID field is used as the access list.
            - An expiration date for the account is stored in the shell
              field of the entry.
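The -w section above warns that "ac" may ignore ut_host, so one user logged in on the same line number of two terminal servers at once yields wrong totals. The following is an added example, not part of xtacacsd, that replays the event sequence the README describes and totals connect time both ways: matching logouts to logins by line only (a model of the README's warning about "ac", not a claim about any particular ac implementation) and by (host, line). The event stream is a constructed list of (time, event, ut_line, ut_user, ut_host) tuples with the server names srvA/srvB/srvC and users alice/bob invented for illustration; the binary wtmp record layout is not reproduced. It also shows why the "~" reload entry can only close a server's sessions when host is part of the key.

```python
from collections import defaultdict

# Added example, not from the xtacacsd distribution: per-user connect time
# from a wtmp-like event stream, keyed two ways.  Events are modelled as
# (time, event, ut_line, ut_user, ut_host); real wtmp is binary and uses
# epoch timestamps, which this example does not reproduce.

# Constructed sample: alice is on TTY1 of two terminal servers at once, and
# bob is on srvC when it reloads ("~" in the name field, per the README).
SAMPLE_WTMP = [
    (0,   "login",  "TTY1", "alice", "srvA"),
    (10,  "login",  "TTY1", "alice", "srvB"),
    (30,  "logout", "TTY1", "alice", "srvB"),
    (60,  "logout", "TTY1", "alice", "srvA"),
    (100, "login",  "TTY2", "bob",   "srvC"),
    (150, "reload", "~",    "~",     "srvC"),
]

START = ("login", "slipon")
END = ("logout", "slipoff")


def connect_time(entries, key_on_host):
    """Return ({user: seconds}, [anomalies]).

    key_on_host=False matches an end event to the open session with the
    same ut_line only, which is the behaviour the README warns "ac" may
    have.  key_on_host=True keys on (ut_host, ut_line), so identically
    numbered lines on different servers stay apart and a reload entry can
    close every open session on that server.
    """
    open_sessions = {}            # key -> (start_time, user)
    totals = defaultdict(int)
    anomalies = []

    for t, event, line, user, host in entries:
        key = (host, line) if key_on_host else line
        if event in START:
            if key in open_sessions:
                # The earlier session is lost: this is the collision the
                # README describes when ut_host is ignored.
                anomalies.append(("overwritten login", key, open_sessions[key]))
            open_sessions[key] = (t, user)
        elif event in END:
            started = open_sessions.pop(key, None)
            if started is None:
                anomalies.append(("logout without login", key, (t, user)))
                continue
            totals[started[1]] += t - started[0]
        elif event == "reload":
            # The reload entry names only the server; without host in the
            # key there is no way to know which sessions it ended.
            if not key_on_host:
                anomalies.append(("reload not attributable", host, (t, user)))
                continue
            for k in [k for k in open_sessions if k[0] == host]:
                start, u = open_sessions.pop(k)
                totals[u] += t - start

    for key, (start, u) in open_sessions.items():
        anomalies.append(("still open", key, (start, u)))
    return dict(totals), anomalies


if __name__ == "__main__":
    for keyed in (False, True):
        totals, problems = connect_time(SAMPLE_WTMP, key_on_host=keyed)
        print("key on host:", keyed, "totals:", totals)
        for p in problems:
            print("   ", p)
```

With host ignored, alice's srvB logout closes whichever TTY1 session was opened last, her srvA logout finds nothing to match, and bob's session is never closed; keyed on (host, line) the same stream yields 80 seconds for alice and 50 for bob with no anomalies.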