tacplus.conf(5)
NAME
tacplus.conf - TACACS+ client configuration file
SYNOPSIS
/etc/tacplus.conf
DESCRIPTION
tacplus.conf contains the information necessary to configure the TACACS+
client library. It is parsed by tac_config() (see libtacplus(3)). The
file contains one or more lines of text, each describing a single TACACS+
server which is to be used by the library. Leading white space is
ignored, as are empty lines and lines containing only comments.

A TACACS+ server is described by two to four fields on a line. The
fields are separated by white space. The `#' character at the beginning
of a field begins a comment, which extends to the end of the line. A
field may be enclosed in double quotes, in which case it may contain
white space and/or begin with the `#' character. Within a quoted string,
the double quote character can be represented by `
can be represented by `´. No other escape sequences are supported.

The first field specifies the server host, either as a fully qualified
domain name or as a dotted-quad IP address. The host may optionally be
followed by a `:' and a numeric port number, without intervening white
space. If the port specification is omitted, it defaults to 49, the
standard TACACS+ port.

The second field contains the shared secret, which should be known only
to the client and server hosts. It is an arbitrary string of characters,
though it must be enclosed in double quotes if it contains white space or
is empty. An empty secret disables the normal encryption mechanism,
causing all data to cross the network in cleartext.

The third field contains a decimal integer specifying the timeout in
seconds for communicating with the server. The timeout applies separately
to each connect, write, and read operation. If this field is omitted, it
defaults to 3 seconds.

The optional fourth field may contain the string `single-connection'. If
this option is included, the library will attempt to negotiate with the
server to keep the TCP connection open for multiple sessions. Some older
TACACS+ servers become confused if this option is specified.

Up to 10 TACACS+ servers may be specified. The servers are tried in
order, until a valid response is received or the list is exhausted.

The standard location for this file is /etc/tacplus.conf. An alternate
pathname may be specified in the call to tac_config() (see
libtacplus(3)). Since the file contains sensitive information in the
form of the shared secrets, it should not be readable except by root.
FILES
/etc/tacplus.conf
EXAMPLES
# A simple entry using all the defaults:
tacserver.domain.com OurLittleSecret
# A server using a non-standard port, with an increased timeout and
# the "single-connection" option.
auth.domain.com:4333 "Don't tell!!" 15 single-connection
# A server specified by its IP address:
192.168.27.81 $X*#..38947ax-+=
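
The field rules and the two warnings in DESCRIPTION (empty secret, file readable by non-root) can be checked mechanically. The following Python is an added example, not part of the original manual page or of libtacplus: it splits entries using the quoting and comment rules described above and reports the risky settings. The function names, the host lab.example.net, and the backslash escapes for the double quote and backslash inside quoted fields are assumptions of this example.

```python
import stat

def split_fields(line):
    """Split one line into fields using the quoting/comment rules above."""
    fields, i, n = [], 0, len(line)
    while i < n:
        if line[i].isspace():
            i += 1
        elif line[i] == "#":            # '#' at the start of a field: comment
            break
        elif line[i] == '"':            # quoted: may hold spaces or a leading '#'
            i, buf = i + 1, []
            while i < n and line[i] != '"':
                # ASSUMPTION: backslash escapes only '"' and '\' inside quotes
                if line[i] == "\\" and line[i + 1:i + 2] in ('"', "\\"):
                    i += 1
                buf.append(line[i])
                i += 1
            if i >= n:
                raise ValueError("unterminated quoted field")
            fields.append("".join(buf))
            i += 1
        else:                           # bare field runs to the next white space
            j = next((k for k in range(i, n) if line[k].isspace()), n)
            fields.append(line[i:j])
            i = j
    return fields

def audit(text, mode=0o600, uid=0):
    """Return (servers, findings); mode and uid come from os.stat() of the file."""
    servers, findings = [], []
    if uid != 0 or mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file: shared secrets exposed to non-root accounts")
    for lineno, line in enumerate(text.splitlines(), 1):
        f = split_fields(line)
        if not f:
            continue                    # empty or comment-only line
        if not 2 <= len(f) <= 4:
            findings.append(f"line {lineno}: expected two to four fields")
            continue
        host, _, port = f[0].partition(":")
        if f[1] == "":
            findings.append(f"line {lineno}: empty secret, {host} traffic is cleartext")
        servers.append((host, int(port or 49), f[1],   # defaults: port 49, 3 seconds
                        int(f[2]) if len(f) > 2 else 3, f[3:] == ["single-connection"]))
    return servers, findings

# Constructed input: the page's second example entry plus a made-up empty-secret entry.
SAMPLE = 'auth.domain.com:4333 "Don\'t tell!!" 15 single-connection\nlab.example.net ""\n'
```

To audit a real file, pass its contents together with st_mode and st_uid from os.stat("/etc/tacplus.conf").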
SEE ALSO
AUTHORS
This documentation was written by John Polstra, and donated to the
FreeBSD project by Juniper Networks, Inc.

BSD                              July 29, 1998