Hi Boris,
I am sorry for my late answer. I was on holidays.
>I remember Makefile has ENABLE_VTY_GROUP knob, so You may use it. Is it what
>You need?
egrep "ENABLE_VTY_GROUP" /usr/ports/net/quagga/Makefile
.if defined(ENABLE_VTY_GROUP)
CONFIGURE_ARGS+=--enable-vty-group=${ENABLE_VTY_GROUP}
@${ECHO} "ENABLE_VTY_GROUP Specify group for vty socket ownership"
But it seems it is not enabled, isn´t it ?
I'm not sure if this is it, but I would like to behave the quagga in Debian
(Linux) and FreeBSD consistently.
In contrast, FreeBSD, Linux also has a file named quagga in the directory
/etc/pam.d/.
This file is not in FreeBSD in directory /usr/local/etc/pam.d or /etc/pam.d,
which I would in the case of second option even understand.
Perhaps to FreeBSD is not needed, but then what exactly in the table the
options of quagga when compiling means the possibility of "PAM PAM
authentication for vtysh" ?
However, the aim is this:
I have an user XXX and I want him to give sufficient privileges to manipulate
the quagga. I do not want to give him permission through sudo or through su
commands. In addition, I want in order to when in the vtysh.conf file, the user
XXX is set with the possibility of nopassword, vtysh not ask me for a password
to the quagga.
Sh interpreter is preset to FreeBSD systems, so that the goal is for these
above-mentioned conditions, to run vtysh straight and asks for nothing.
So far, only what the user see the error message:
> Vtysh
Exiting: failed to connect to any daemons.
>
I do not know how to do, to ask me, but the goal is identical behavior quagga
on FreeBSD to Linux systems and that´s all, not more and not less.
Thank you.
Regards,
Daniel
-----Original Message-----
From: Boris Kovalenko [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 26, 2008 5:45 AM
To: [EMAIL PROTECTED]
Subject: Re: FreeBSD Port: quagga-0.99.9_7
Hello, Daniel!
I remember Makefile has ENABLE_VTY_GROUP knob, so You may use it. Is it what
You need?
> Hi Boris,
> I would like to turn your attention on one little bug in quagga on
> FreeBSD.
> Why don´t we user groupname quaggavty from the beginning when the
> quagga had been ported to FreeBSD ?
> What do I mena ? I will show you the diffrence between quagga on
> Debian and on our FreeBSD.
> They use group quaggavty for command vtysh and they help themself with
> pam.d/quagga file.
> [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> ls -l /etc/pam.d/quagga
> -rw-r--r-- 1 root root 162 2007-09-26 08:20 /etc/pam.d/quagga user$
> cat /etc/pam.d/quagga # Any user may call vtysh but only those
> belonging to the group quaggavty can # actually connect to the socket
> and use the program.
> auth sufficient pam_permit.so
> [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> whoami user [EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]> ls -l /etc/quagga/vtysh.conf
> -rw-rw---- 1 quagga quaggavty 63 2008-01-10 01:28
> /etc/quagga/vtysh.conf [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> cat
> /etc/quagga/vtysh.conf username user nopassword username root
> nopassword log syslog [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> egrep
> quaggavty /etc/group quaggavty:x:106:user [EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]> vtysh Hello, this is Quagga (version 0.99.5).
> Copyright 1996-2005 Kunihiro Ishiguro, et al.
> server# exit
> [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
> So here it works, now FreeBSD:
> > whoami
> resu
> > ls -l /etc/pam.d/quagga
> ls: /etc/pam.d/quagga: No such file or directory
> > ls -l /usr/local/etc/pam.d/quagga
> ls: /usr/local/etc/pam.d/quagga: No such file or directory
> > ls -l /usr/local/etc/quagga/vtysh.conf
> -rw-rw-r-- 1 quagga quagga 129 10 led 01:52
> /usr/local/etc/quagga/vtysh.conf
> > cat /usr/local/etc/quagga/vtysh.conf
> username resu nopassword
> username root nopassword
> log syslog
> > pw group show quagga
> quagga:*:101:resu
> > vtysh
> Exiting: failed to connect to any daemons.
> >
> Is possible to repair it ? How can I assit you ?
> It would be good if new version 0.99.10 will count with vtysh like on
> Debian.
> Thank you.
> Bye.
> Daniel
Regards,
Boris
_______________________________________________
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
