GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
TACPLUS.CONF(5) FreeBSD File Formats Manual TACPLUS.CONF(5)

tacplus.confTACACS+ client configuration file

/etc/tacplus.conf

tacplus.conf contains the information necessary to configure the TACACS+ client library. It is parsed by () (see libtacplus(3)). The file contains one or more lines of text, each describing a single TACACS+ server which is to be used by the library. Leading white space is ignored, as are empty lines and lines containing only comments.

A TACACS+ server is described by a minimum of two fields on a line. The fields are separated by whitespace and follow the same rules for comments, quoting, escaping, and line continuation as the POSIX shell.

The first field specifies the server host, either as a fully qualified domain name or as a dotted-quad IP address. The host may optionally be followed by a ‘:’ and a numeric port number, without intervening white space. If the port specification is omitted, it defaults to 49, the standard TACACS+ port.

The second field contains the shared secret, which should be known only to the client and server hosts. It is an arbitrary string of characters, though it must be enclosed in double quotes if it contains white space or is empty. An empty secret disables the normal encryption mechanism, causing all data to cross the network in cleartext.

The optional third field may contain a decimal integer specifying the timeout in seconds for communicating with the server. The timeout applies separately to each connect, write, and read operation. If this field is omitted, it defaults to 3 seconds.

The optional fourth field may contain the string ‘single-connection’. If this option is included, the library will attempt to negotiate with the server to keep the TCP connection open for multiple sessions. Some older TACACS+ servers become confused if this option is specified.

Any subsequent fields must be of the form attribute=value and will be appended to authorization responses as if they had been sent by the server.

Up to 10 TACACS+ servers may be specified. The servers are tried in order, until a valid response is received or the list is exhausted.

The standard location for this file is /etc/tacplus.conf. An alternate pathname may be specified in the call to () (see libtacplus(3)). Since the file contains sensitive information in the form of the shared secrets, it should not be readable except by root.

/etc/tacplus.conf
 

# A simple entry using all the defaults:
tacserver.domain.com	OurLittleSecret

# A server using a non-standard port, with an increased timeout and
# the "single-connection" option, and overrides for the for uid, gid
# and shell attributes.
auth.domain.com:4333	"Don't tell!!"	15	single-connection \
    uid=1001 gid=20 shell="/usr/local/bin/zsh"

# A server specified by its IP address:
192.168.27.81		$X*#..38947ax-+=	shell="/sbin/nologin"

libtacplus(3)

This documentation was written by John Polstra, and donated to the FreeBSD project by Juniper Networks, Inc.

June 13, 2023 FreeBSD 14.3-RELEASE
Search for    or go to Top of page |  Section 5 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.