contains the information necessary to configure the TACACS+ client
It is parsed by
The file contains one or more lines of text, each describing a
single TACACS+ server which is to be used by the library.
white space is ignored, as are empty lines and lines containing
A TACACS+ server is described by two to four fields on a line.
fields are separated by white space.
character at the beginning of a field begins a comment, which extends
to the end of the line.
A field may be enclosed in double quotes,
in which case it may contain white space and/or begin with the
Within a quoted string, the double quote character can
be represented by
and the backslash can be represented by
No other escape sequences are supported.
The first field specifies
the server host, either as a fully qualified domain name or as a
dotted-quad IP address.
The host may optionally be followed by a
and a numeric port number, without intervening white space.
port specification is omitted, it defaults to 49, the standard TACACS+
The second field contains the shared secret, which should be known
only to the client and server hosts.
It is an arbitrary string
of characters, though it must be enclosed in double quotes if it
contains white space or is empty.
An empty secret disables the
normal encryption mechanism, causing all data to cross the network in
The third field contains a decimal integer specifying the timeout
in seconds for communicating with the server.
The timeout applies
separately to each connect, write, and read operation.
If this field
is omitted, it defaults to 3 seconds.
The optional fourth field may contain the string
If this option is included, the library will attempt to negotiate
with the server to keep the TCP connection open for multiple
Some older TACACS+ servers become confused if this option
Up to 10 TACACS+ servers may be specified.
The servers are tried in
order, until a valid response is received or the list is exhausted.
The standard location for this file is
An alternate pathname may be specified in the call to
Since the file contains sensitive information in the form of the
shared secrets, it should not be readable except by root.
# A simple entry using all the defaults:
# A server using a non-standard port, with an increased timeout and
# the "single-connection" option.
auth.domain.com:4333 "Dont tell!!" 15 single-connection
# A server specified by its IP address: