extended TACACS capability for accounting and auditing.

New commands (per system)

    tacacs extended
    tacacs notify connect|slip|enable|logout
	Notify causes a message to be transmitted to the tacacs server,
	with retransmition being performed by a background process for
	up to 5 minutes.  However, the user get the equivilent of an
	immediate "accepted" response.
    tacacs authenticate connect|slip|enable
	Authenticate requires a repsonse from the server to indicate
	whether the user can prefer the indicated action.

New packet format:

    uchar version;		/* version of protocol 0x80 */
    uchar type;			/* Type of query/response */
	XTA_LOGIN	1
	XTA_ANSWER	2
	XTA_CHANGE	3
	XTA_FOLLOW	4
	XTA_CONNECT	5
	XTA_ENABLE	6
	XTA_LOGOUT	7
	XTA_RELOAD	8
	XTA_SLIPON	9
	XTA_SLIPOFF    10
	XTA_SLIPADDR   11
    ushort trans;		/* unique ID to associate query w reply */
    uchar namelen;		/* length of name */
    uchar pwlen;		/* length of password */
    uchar response;		/* response code */
	XTA_A_ACCEPTED	1
	XTA_A_REJECTED	2
    uchar reason;		/* reason for response or query */
	XTA_A_NONE	0
	XTA_A_EXPIRING	1
	XTA_A_PASSWORD	2
	XTA_A_DENIED	3
	/*
	 * The following are reasons for "logout" and "slipoff" 
	 */
	XTA_R_QUIT	4	/* user quit normally */
	XTA_R_IDLE	5	/* idle timeout */
	XTA_R_DROP	6	/* carrier dropped */
	XTA_R_BAD	7	/* too many bad passwords */

    ushort accesslist;		/* access list for user returned at login */
    ulong flags;		/* misc flags */
    ulong uuid;			/* user id code assigned. */
    ushort lport;		/* local line number */
    ulong dhost;		/* destination host */
    ushort dport;		/* destination port */
				/* user name */
				/* password */


new xtacacsd.c documentation:

	xtacacsd [-s] [-d] [-l] [-f/etc/tacpasswd] [-w/var/log/tacacs.wtmp]

	-s	standalone mode - the server runs continuously.
		Recomended for extended use.

	-d	Debugging.

	-l	Log events to syslog local6 file.  All events are logged:
		system reload from server
		xlogin from server ttyNN for user(gcos) accepted|rejected
		xconnect from server ttyNN for user(uuid) to host:port
		xlogout from server ttyNN for user(uuid) reason
		xslipon from server SLIPNN for user(uuid) address slipaddress
		xslipoff from server SLIPNN for user(uuid) address slipaddress
		slipaddress from server ttyNN for host(gcos) accepted|rejected

	-w<wtmpfile> log on/off events in a wtmp format file.
		In theory, this makes it possible to keep track of per-user
		connect times, and print them using the "ac" unix utility.
		Events logged:
		-  System reload.  "~" in name field, servername in host field
		-  Login / Logout  username, "TTYnn", slipaddress
		-  SlipOn / SlipOff username, "SLIPnn", slipaddress
		If a user logs in and issues a SLIP command, the following
		sequence should appear in the wtmp file:
		login TTYnn username servername
		    time passes
		slipon SLIPnn username slipname
		logout TTYnn username servername
		    time passes
		slipoff SLIPnn username slipname

		A potential problem exists: data for all servers is stored
		in the same wtmp file, the differences being noted by the
		ut_host field in the wtmp entries.  The "ac" program may
		not look at this field for determining matching entries.
		Thus having the same user log in on more than one terminal
		server at the same time may result in invalid final reports.

	-f<passwd-file>	file to find password information.  If not given,
		/etc/passwd is used, and the following features are not used:
		-  The user id is used as the uuid.
		-  The group ID field is used as the access list.
		-  An expiration data for the account is stored in the shell
		   field of the entry.
