tacacs before / after authorization

pvdvoort · ‎03-14-2006

Hello,

I'm using tac_plus and want to use my own script for authorizing users, based on the NAS and based on the command a user enters.

The documentation mentions fields that can be passed to a script (like user, name, port etc) and that works geat, but is there a way to also pass the command the user entered?

The documentation states that it is possible to read all the fields in the authorization packet the NAS sent, but I can't seem to figure out how that should be done.

Any help would be appreciated. Thanks.

Peter

pvdvoort · ‎03-15-2006

ok, got it.

Next to the fields that are passed along (like user, name etc) just keep on reading standard input.

Just in case anyone else is interested:

the sdtacplus.cfg reads:

user = memyself {

before authorization "myscript $user $name'

}

Then myscript goes like

$user = $ARGV[0]

$name = $ARGV[1]

while () {

$input = $_;

chop ($input);

print "$input\n";

}

Obviously, the above just prints STDIN back to STDOUT so it's not very functional, but it's the thought that counts.

Peter