NetNews Usenet Archive 1992 #18

home *** CD-ROM | disk | FTP | other *** search

/ NetNews Usenet Archive 1992 #18 / NN_1992_18.iso / spool / comp / dcom / sys / cisco / 1087 < prev next >

Wrap

Text File | 1992-08-12 | 3.8 KB | 123 lines

Newsgroups: comp.dcom.sys.cisco Path: sparky!uunet!boulder!recnews From: evan@is.rice.edu (Evan R. Wetstone) Subject: Re: Tacacs-server authenticate slip In-Reply-To: <9208121844.AA06910@is.rice.edu>; from "Andy Hooper" at Aug 12, 92 2:35 pm Message-ID: <9208121940.AA07619@is.rice.edu> Sender: news@colorado.edu Date: 12 Aug 92 14:40:44 CDT X-Mailer: ELM [version 2.3 PL11] Lines: 111 Andy Hooper writes: > > >Has anyone gotten the command "tacacs-server authenticate slip" to work? > > What a coincidence! I also was trying that just yesterday. Are you using > 'slip address dynamic' or 'slip address nn.nn.nn.nn'? My conclusion from > reading the manual was that tacacs authentication for slip only applies > when you have 'slip address dynamic' (top of page 7-6). In that case the > tacacs userid seems to be the IP address. In our case (non-dynamic), the > userid in the tacacs log was some mangled string ' user operto '. I'm using "slip address nn.nn.nn.nn". The manual says (under slip address dynamic) "This feature is supported when a TACACS server is used." (bottom of page 7-5) I interpret that as meaning that the dynamic address feature will only work if you run a tacacs server. The "tacacs-server authenticate slip" command (page 4-26) doesn't say anything at all regarding which method of SLIP addressing you are using. I don't want to assign each SLIP user their own IP address, which I would have to do if I used slip address dynamic. Regarding your problem with the userid field getting mangled, I found some problems with the code that caused some pointers to off by two bytes. Context diff output follows: *** xtacacsd.c.orig Fri Aug 7 11:29:58 1992 --- xtacacsd.c Fri Aug 7 15:01:17 1992 *************** *** 740,748 **** #endif /* not SYSV */ sprintf(linename, "TTY%o", tp->lport); ! strncpy(name, (char *)(tp + 1), tp->namelen); name[tp->namelen] = '\0'; ! strncpy(passwd, (char *)(tp + 1) + tp->namelen, tp->pwlen); if (tp->pwlen > PASSWD_LENGTH) tp->pwlen = PASSWD_LENGTH; passwd[tp->pwlen] = '\0'; --- 740,748 ---- #endif /* not SYSV */ sprintf(linename, "TTY%o", tp->lport); ! strncpy(name, ((char *)tp)+XTACACSSIZE, tp->namelen); name[tp->namelen] = '\0'; ! strncpy(passwd, ((char *)tp)+XTACACSSIZE + tp->namelen, tp->pwlen); if (tp->pwlen > PASSWD_LENGTH) tp->pwlen = PASSWD_LENGTH; passwd[tp->pwlen] = '\0'; *************** *** 859,865 **** { struct hostent *hp1; char linename[20]; ! char *name = (char *) (tp + 1); name[tp->namelen] = 0; --- 859,865 ---- { struct hostent *hp1; char linename[20]; ! char *name = ((char *)tp) + XTACACSSIZE; name[tp->namelen] = 0; *************** *** 892,897 **** --- 892,900 ---- struct hostent *hp1; char linename[20]; char *name; + + name = (char *) (((char *)tp)+XTACACSSIZE); + name[tp->namelen] = 0; hp1 = gethostbyaddr(&tp->dhost, sizeof (struct in_addr), AF_INET); *************** *** 905,911 **** sprintf(linename, "SLIP%o", tp->lport); wtmp_entry(linename, "", hp1 ? hp1->h_name : (char *)inet_ntoa(tp->dhost) ); name = (char *) (((char *)tp)+XTACACSSIZE); ! name[tp->namelen] = 0; if (logging) if (logging) syslog(LOG_INFO, "xslip off from %s %s for %s(%d) address %s\n", hp ? hp->h_name : (char *)inet_ntoa(from.sin_addr), linename, --- 908,914 ---- sprintf(linename, "SLIP%o", tp->lport); wtmp_entry(linename, "", hp1 ? hp1->h_name : (char *)inet_ntoa(tp->dhost) ); name = (char *) (((char *)tp)+XTACACSSIZE); ! name[tp->namelen] = 0; if (logging) syslog(LOG_INFO, "xslip off from %s %s for %s(%d) address %s\n", hp ? hp->h_name : (char *)inet_ntoa(from.sin_addr), linename, -- Evan