From 8b1bb5b6d62dc9e9d03a0db284572d1757fec8a4 Mon Sep 17 00:00:00 2001
From: liuh-80 <liuh@microsoft.com>
Date: Fri, 19 May 2023 16:02:28 +0800
Subject: [PATCH] Stop authorization when some server reject user.

---
 nss_tacplus.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/nss_tacplus.c b/nss_tacplus.c
index 86e0503..989167e 100644
--- a/nss_tacplus.c
+++ b/nss_tacplus.c
@@ -791,6 +791,10 @@ lookup_tacacs_user(struct pwbuf *pb)
                     " invalid (%d)", nssname,
                     tac_ntop(tac_srv[srvr].addr->ai_addr), pb->name,
                     arep.status);
+
+            if (arep.status == TAC_PLUS_AUTHOR_STATUS_FAIL) {
+                done = 1; /* break out of loop after server reject user */
+            }
         }
         if(arep.msg)
             free(arep.msg);