Softpanorama
(slightly skeptical) Open Source Software Educational Society

TACACS

TACACS is an acronym for Terminal Access Controller Access-Control System, a user authentication protocol used by Cisco Systems products. TACACS allows a network access server (NAS, for example a Cisco 2511 or a 5300) to offload user administration to a central server.

At my place of employment, for TACACS authentication of dial-up Internet users (who are connecting to our modem pool, which is in turn connected to a couple of Cisco 250x access servers), we are using the Vikas version of "xtacacsd".

After compiling and installing the Vikas package (latest versions are available from ftp://ftp.navya.com/pub/vikas; I don't believe the package is available in RPM format), you should add the following entries to the ``/etc/inetd.conf'' file so that the daemon will be loaded by the inetd daemon whenever a TACACS request is received.

# TACACS is a user authentication protocol used for Cisco Router products.
tacacs dgram udp wait root /etc/xtacacsd xtacacsd -c /etc/xtacacsd-conf

Next, you should edit the ``/etc/xtacacsd-conf'' file and customize it, as necessary, for your system (however you will probably be able to use the default settings as-is).

Note: If you are using shadow passwords (see Section 6.6 for details), you will have some problems with this package. Unfortunately, PAM (Pluggable Authentication Module), which Red Hat uses for user authentication, is not supported by this package. One workaround that I use is to keep a separate ``passwd'' file in ``/usr/local/xtacacs/etc/'' which matches the one in /etc/ but is non-shadowed. This is a bit of a hassle, and if you choose to do this, make sure you set permissions on the other password file so that it is only readable by root:

chmod a-wr,u+r /usr/local/xtacacs/etc/passwd

If you do indeed use shadow, you will most certainly need to edit the ``/etc/xtacacsd-conf'' file and specify the location of the non-shadowed password file (assuming you are using the workaround I have suggested above).
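
The shadow-password workaround above leaves a second copy of every password hash on disk, so the copy has to be created private and checked afterwards. The script below is an added example, not part of the Vikas package or of the original text: the function names merge_passwd, check_copy and demo are hypothetical, and the sample accounts and hash are constructed.

```shell
#!/bin/sh
# Added example: maintain the root-only, non-shadowed passwd copy that the
# workaround above describes. All names and sample data are constructed.

# merge_passwd PASSWD SHADOW OUT
# Writes PASSWD to OUT with each password field replaced by the hash from
# SHADOW. OUT is created private and renamed into place, so it is never
# readable by other users, not even briefly.
merge_passwd() {
    tmp=$(mktemp "$3.XXXXXX") || return 1      # mktemp creates mode 0600
    awk -F: -v OFS=: '
        FILENAME == ARGV[1] { hash[$1] = $2; next }   # shadow: user -> hash
        ($1 in hash)        { $2 = hash[$1] }         # passwd: fill field 2
        { print }
    ' "$2" "$1" > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 400 "$tmp" && mv -f "$tmp" "$3"
}

# check_copy FILE [UID]
# Succeeds only if FILE is a regular file, mode 0400, owned by UID (default 0).
check_copy() {
    ls -ln "$1" | awk -v uid="${2:-0}" '
        { ok = (substr($1, 1, 10) == "-r--------" && $3 == uid) }
        END { exit !ok }'
}

# demo: run both functions on constructed sample files in a scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'dialup1:x:501:100:PPP user:/home/dialup1:/bin/false' > "$d/passwd"
    printf '%s\n' 'root:!:14000:0:99999:7:::' \
        'dialup1:CONSTRUCTEDHASH:14000:0:99999:7:::' > "$d/shadow"
    merge_passwd "$d/passwd" "$d/shadow" "$d/out" &&
        check_copy "$d/out" "$(id -u)" && cat "$d/out"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo
```

On a real server the call would be merge_passwd /etc/passwd /etc/shadow /usr/local/xtacacs/etc/passwd, run as root after every password change, followed by check_copy on the result.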

The next step is to configure your access server(s) to authenticate logins for the desired devices (such as dial-up modems) with TACACS. Here is a sample session on how this is done:

mail:/tftpboot# telnet xyzrouter

Escape character is '^]'.
User Access Verification
Password: ****
xyzrouter> enable
Password: ****
xyzrouter# config terminal
Enter configuration commands, one per line.  End with CNTL/Z.
xyzrouter(config)# tacacs-server attempts 3
xyzrouter(config)# tacacs-server authenticate connections
xyzrouter(config)# tacacs-server extended
xyzrouter(config)# tacacs-server host 123.12.41.41
xyzrouter(config)# tacacs-server notify connections
xyzrouter(config)# tacacs-server notify enable
xyzrouter(config)# tacacs-server notify logouts
xyzrouter(config)# tacacs-server notify slip
xyzrouter(config)# line 2 10
xyzrouter(config-line)# login tacacs
xyzrouter(config-line)# exit
xyzrouter(config)# exit
xyzrouter# write
Building configuration...
[OK]  
xyzrouter# exit

Connection closed by foreign host.

All TACACS activity log messages will be recorded in ``/var/log/messages'' for your perusal.

Old News ;-)

An Analysis of the TACACS+ Protocol and its Implementations

tac_plus 4.0 (TACACS+) and autoconf

RPM Search wikid-tac_plus-2.0_HEAD-1.noarch.rpm

fedora-core

Router Expert- Building a secure TACACS+ environment

Tacacs Server Configuration in Debian - tacacs+

Tacas server configuration in Linux. - ITtoolbox Groups

Configuration of TACAS Server in Redhat linux or FC-2or3 ...

Build a RADIUS server on Linux

tacacs PAM

Recommended Links


TACACS - Wikipedia, the free encyclopedia

Tacacs+ v9devrim
Tacacs+ Attribute-Value Pairs(PDF) Cisco System
Configuring Authentication(PDF) Cisco System
Configuring Authorization(PDF) Cisco System
Configuring Accounting(PDF) Cisco System
Troubleshooting TACACS+ and Recovering Passwords(PDF version)Cisco System
What is tacacs v8 Feature by devrim
Database Authentication and Accounting with Tacacs+ by devrim
Tacacs+ For Newbies by devrim
Tacacs+ Installation by devrim
Cisco Developer version Tacacs+ User Guide (text version)
TACACS+ Peter J. Welcher  Chesapeake Computer Consultants
Configuring Tacacs+ and Xtacacs(From Cisco Systems) Pdf file
Tacacs,Xtacacs and tacacs+ commands(From Cisco Systems) Pdf file
Tacacs+ and RADIUS Comparison (From Cisco System) Html file
TACACS+ for First-time Users Html
TACACS+ Dial-Up Sample Config Html
Configuring Network Access Security PDF

Recommended Books

Securing and Controlling Cisco Routers - Google Book Search

Mastering Red Hat Linux 9 Books



Copyright © 1996-2009 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author's free time. This document is an industrial compilation designed and created exclusively for educational use and is placed under the copyright of the Open Content License (OPL). Site uses AdSense so you need to be aware of Google privacy policy. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

Last updated: August 12, 2009