Skip to content

[TACACS] Send remote address in TACACS authorization package.#12448

Closed
liuh-80 wants to merge 2 commits intosonic-net:masterfrom
liuh-80:dev/liuh/tacacs-send-remoteaddr
Closed

[TACACS] Send remote address in TACACS authorization package.#12448
liuh-80 wants to merge 2 commits intosonic-net:masterfrom
liuh-80:dev/liuh/tacacs-send-remoteaddr

Conversation

@liuh-80
Copy link
Contributor

@liuh-80 liuh-80 commented Oct 19, 2022

Send remote address in TACACS authorization package.

Why I did it

TACACS not send remote address in authorization package.

How I did it

Read remote address from SSH_CONNECTION or SSH_REMOTE_IP and send in TACACS authorization package.

How to verify it

Pass all E2E test.
New E2E test case to cover this change.

Which release branch to backport (provide reason below if selected)

  • 201811
  • 201911
  • 202006
  • 202012
  • 202106
  • 202111
  • 202205

Description for the changelog

Send remote address in TACACS authorization package.

Ensure to add label/tag for the feature raised. example - PR#2174 under sonic-utilities repo. where, Generic Config and Update feature has been labelled as GCU.

Link to config_db schema for YANG module changes

A picture of a cute animal (not mandatory but encouraged)

@liuh-80
Copy link
Contributor Author

liuh-80 commented Oct 19, 2022

This PR depends on openssh side change.
Currently sonic has 2 openssh:

  1. regular openssh:
    [openssh] Export remote address to environment variable for TACACS authorization. #12447
  2. FIPS patched openssh, will porting patch later.

@liuh-80 liuh-80 closed this Oct 24, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@liuh-80