FreeBSD Port: quagga-0.99.9_7

Daniel Dvořák dandee at hellteam.net
Fri Jul 4 00:21:09 UTC 2008


Hi Boris,

I am sorry for my late answer. I was on holidays.

>I remember Makefile has ENABLE_VTY_GROUP knob, so You may use it. Is it what You need?

egrep "ENABLE_VTY_GROUP" /usr/ports/net/quagga/Makefile
.if defined(ENABLE_VTY_GROUP)
CONFIGURE_ARGS+=--enable-vty-group=${ENABLE_VTY_GROUP}
        @${ECHO} "ENABLE_VTY_GROUP  Specify group for vty socket ownership"

But it seems it is not enabled, isn't it?

I'm not sure if this is it, but I would like quagga to behave consistently on Debian (Linux) and FreeBSD.

In contrast to FreeBSD, Linux also has a file named quagga in the directory /etc/pam.d/.

This file does not exist on FreeBSD in the directory /usr/local/etc/pam.d or /etc/pam.d, which, in the case of the second option, I would even understand.

Perhaps it is not needed on FreeBSD, but then what exactly does the option "PAM PAM authentication for vtysh" in quagga's table of compile-time options mean?

However, the aim is this:

I have a user XXX and I want to give him sufficient privileges to manipulate quagga. I do not want to give him permission through the sudo or su commands. In addition, when the user XXX is set with the nopassword option in the vtysh.conf file, I want vtysh not to ask me for a password to quagga.

The sh interpreter is the preset on FreeBSD systems, so the goal is, under the above-mentioned conditions, for vtysh to run straight away and ask for nothing.

So far, all the user sees is the error message:

> Vtysh
Exiting: failed to connect to any daemons.
>

I do not know how to do it, to ask me, but the goal is identical behavior of quagga on FreeBSD and Linux systems, and that's all, no more and no less.

Thank you.

Regards,
Daniel

-----Original Message-----
From: Boris Kovalenko [mailto:boris at tagnet.ru] 
Sent: Thursday, June 26, 2008 5:45 AM
To: dandee at hellteam.net
Subject: Re: FreeBSD Port: quagga-0.99.9_7

Hello, Daniel!

I remember Makefile has ENABLE_VTY_GROUP knob, so You may use it. Is it what You need?
> Hi Boris,
> I would like to turn your attention to one little bug in quagga on 
> FreeBSD.
> Why don't we use groupname quaggavty from the beginning when the 
> quagga had been ported to FreeBSD?
> What do I mean? I will show you the difference between quagga on 
> Debian and on our FreeBSD.
> They use group quaggavty for command vtysh and they help themselves with 
> pam.d/quagga file.
> user at server$ ls -l /etc/pam.d/quagga
> -rw-r--r-- 1 root root 162 2007-09-26 08:20 /etc/pam.d/quagga
> user$ cat /etc/pam.d/quagga
> # Any user may call vtysh but only those belonging to the group quaggavty can
> # actually connect to the socket and use the program.
> auth sufficient pam_permit.so
> user at server$ whoami
> user
> user at server$ ls -l /etc/quagga/vtysh.conf
> -rw-rw---- 1 quagga quaggavty 63 2008-01-10 01:28 /etc/quagga/vtysh.conf
> user at server$ cat /etc/quagga/vtysh.conf
> username user nopassword
> username root nopassword
> log syslog
> user at server$ egrep quaggavty /etc/group
> quaggavty:x:106:user
> user at server$ vtysh
> Hello, this is Quagga (version 0.99.5).
> Copyright 1996-2005 Kunihiro Ishiguro, et al.
> server# exit
> user at server$
> So here it works, now FreeBSD:
> > whoami
> resu
> > ls -l /etc/pam.d/quagga
> ls: /etc/pam.d/quagga: No such file or directory
> > ls -l /usr/local/etc/pam.d/quagga
> ls: /usr/local/etc/pam.d/quagga: No such file or directory
> > ls -l /usr/local/etc/quagga/vtysh.conf
> -rw-rw-r-- 1 quagga quagga 129 10 led 01:52 /usr/local/etc/quagga/vtysh.conf
> > cat /usr/local/etc/quagga/vtysh.conf
> username resu nopassword
> username root nopassword
> log syslog
> > pw group show quagga
> quagga:*:101:resu
> > vtysh
> Exiting: failed to connect to any daemons.
> >
> Is it possible to repair it? How can I assist you?
> It would be good if the new version 0.99.10 will count with vtysh like on 
> Debian.
> Thank you.
> Bye.
> Daniel
Regards,
Boris
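
Added example (not part of the original e-mail thread, and not Quagga or ports code): a Python check of whether a given uid and group set passes the write-permission test on a vty socket, the mechanism the Debian pam.d comment in the quoted message describes. The socket name zebra.vty, the temporary directory and the uid/gid values are constructed stand-ins; on a live system, pass the os.stat() result of the real socket instead.

```python
import os
import socket
import stat
import tempfile


def may_connect(st, uid, gids):
    """Apply the owner/group/other write-bit check to a socket's stat result.

    connect(2) on a UNIX-domain socket needs write permission on the socket
    file. Directory search permission on the path is not checked here.
    """
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError("not a UNIX-domain socket")
    if uid == 0:                       # root bypasses the mode bits
        return True
    if uid == st.st_uid:               # owner class is checked first
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:              # then the group class
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def make_demo_socket(mode):
    """Create a constructed stand-in for a daemon's vty socket."""
    path = os.path.join(tempfile.mkdtemp(), "zebra.vty")  # assumed name
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.bind(path)                   # bind() creates the socket file
    os.chmod(path, mode)
    return path


def report(path, uid, gids):
    """One-line verdict for a uid and its group set against a socket path."""
    st = os.stat(path)
    verdict = "can connect" if may_connect(st, uid, gids) else "permission denied"
    return f"{path} mode={stat.S_IMODE(st.st_mode):04o} uid={uid}: {verdict}"


if __name__ == "__main__":
    sock = make_demo_socket(0o770)     # rwxrwx---: owner and vty group only
    st = os.stat(sock)
    outsider = st.st_uid + 1000        # constructed non-owner, non-root uid
    print(report(sock, outsider, {st.st_gid}))       # member of socket group
    print(report(sock, outsider, {st.st_gid + 1}))   # not a member
```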


