Forum Discussion
Hamish_35071
Nimbostratus
NimbostratusTACACS password authentication - Handling Password Expiry
I'm implementing client authentication on an F5 using forms. Mostly based upon the auth-by-forms iRule found on codeshare. But I need to add in a new feature. Password Expiry.
The TACAC...
Hamish_35071Nimbostratus
NimbostratusI investigated AUTH::Response_data first... I don't get anything from it... I've implemented the check as
Needs 9.4.0 or later...
when AUTH_RESULT {
set debugFlag [findclass "debug" $::formsPref " "]
array set AFauth_reponse_data [AUTH::response_data]
if { $debugFlag > 0 } {
log $::loghost local0. "Authentication Result"
log $::loghost local0. "START auth response data"
foreach {key value} [array names AFauth_response_data] {
log $::loghost local0. "ARData ($AFkey) ($AFvalue)"
}
log $::loghost local0. "END auth response data"
}
}
however the array is just empty...
ec 8 10:04:40 tmm tmm[5941]: Rule auth-by-form-94.01a : Authenticating xxxx
Dec 8 10:04:40 tmm tmm[5941]: Rule auth-by-form-94.01a : Authentication Result
Dec 8 10:04:40 tmm tmm[5941]: Rule auth-by-form-94.01a : START auth response data
Dec 8 10:04:40 tmm tmm[5941]: Rule auth-by-form-94.01a : END auth response data
Dec 8 10:04:40 tmm tmm[5941]: Rule auth-by-form-94.01a : Authentication success orig_uri is /
I logged a support call... F5 support tell me that devcentral is pretty much the only place to go. Unless I want to try iRules on demand... Which I presume is a chargable service (Not sure there, I never used it)...
