Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

authen::tacacsplus(3pm) [debian man page]

TacacsPlus(3pm) 					User Contributed Perl Documentation					   TacacsPlus(3pm)

NAME

       Authen::TacacsPlus - Perl extension for authentication using tacacs+ server

SYNOPSIS

	 use Authen::TacacsPlus;

	 $tac = new Authen::TacacsPlus(Host=>$server,
			       Key=>$key,
			       [Port=>'tacacs'],
			       [Timeout=>15]);

	 or

	 $tac = new Authen::TacacsPlus(
	    [ Host=>$server1, Key=>$key1, [Port=>'tacacs'], [Timeout=>15] ],
	    [ Host=>$server2, Key=>$key2, [Port=>'tacacs'], [Timeout=>15] ],
	    [ Host=>$server3, Key=>$key3, [Port=>'tacacs'], [Timeout=>15] ],
	    ...  );

	 $tac->authen($username,$passwords);

	 Authen::TacacsPlus::errmsg();

	 $tac->close();

DESCRIPTION

       Authen::TacacsPlus allows you to authenticate using tacacs+ server.

	 $tac = new Authen::TacacsPlus(Host=>$server,
			       Key=>$key,
			       [Port=>'tacacs'],
			       [Timeout=>15]);

       Opens new session with tacacs+ server on host $server, encrypted with key $key. Undefined object is returned if something wrong (check
       errmsg()).

       With a list of servers the order is relevant. It checks the availability of the Tacacs+ service using the order you defined.

	 Authen::TacacsPlus::errmsg();

       Returns last error message.

	 $tac->authen($username,$password,$authen_type);

       Tries an authentication with $username and $password. 1 is returned if authenticaton succeded and 0 if failed (check errmsg() for reason).

       $authen_type is an optional argument that specifies what type of authentication to perform. Allowable options are:
       Authen::TacacsPlus::TAC_PLUS_AUTHEN_TYPE_ASCII (default) Authen::TacacsPlus::TAC_PLUS_AUTHEN_TYPE_PAP
       Authen::TacacsPlus::TAC_PLUS_AUTHEN_TYPE_CHAP

       ASCII uses Tacacs+ version 0, and will authenticate against the "login" or "global" password on the Tacacs+ server. If no authen_type is
       specified, it defaults to this type of authentication.

       PAP uses Tacacs+ version 1, and will authenticate against the "pap" or "global" password on the Tacacs+ server.

       CHAP uses Tacacs+ version 1, and will authenticate against the "chap" or "global" password on the Tacacs+ server. With CHAP, the password
       if formed by the concatenation of
	 chap id + chap challenge + chap response

       There is example code in test.pl

       If you use a list of servers you can continue using $tac->authen if one of them goes down or become unreachable.

	 $tac->close();

       Closes session with tacacs+ server.

EXAMPLE

	 use Authen::TacacsPlus;

	 $tac = new Authen::TacacsPlus(Host=>'foo.bar.ru',Key=>'9999');
	 unless ($tac){
		 print "Error: ",Authen::TacacsPlus::errmsg(),"
";
		 exit(1);
	 }
	 if ($tac->authen('john','johnpass')){
		 print "Granted
";
	 } else {
		 print "Denied: ",Authen::TacacsPlus::errmsg(),"
";
	 }
	 $tac->close();

AUTHOR

       Mike Shoyher, msh@corbina.net, msh@apache.lexa.ru

       Mike McCauley, mikem@open.com.au

BUGS

       only authentication is supported

       only one session may be active (you have to close one session before opening another one)

SEE ALSO

       perl(1).

perl v5.14.2							    2012-01-17							   TacacsPlus(3pm)

Check Out this Related Man Page

Authen::Simple::RADIUS(3pm)				User Contributed Perl Documentation			       Authen::Simple::RADIUS(3pm)

NAME

       Authen::Simple::RADIUS - Simple RADIUS authentication

SYNOPSIS

	   use Authen::Simple::RADIUS;

	   my $radius = Authen::Simple::RADIUS->new(
	       host   => 'radius.company.com',
	       secret => 'secret'
	   );

	   if ( $radius->authenticate( $username, $password ) ) {
	       # successfull authentication
	   }

	   # or as a mod_perl Authen handler

	   PerlModule Authen::Simple::Apache
	   PerlModule Authen::Simple::RADIUS

	   PerlSetVar AuthenSimpleRADIUS_host "radius.company.com"
	   PerlSetVar AuthenSimpleRADIUS_pdc  "secret"

	   <Location /protected>
	     PerlAuthenHandler Authen::Simple::RADIUS
	     AuthType	       Basic
	     AuthName	       "Protected Area"
	     Require	       valid-user
	   </Location>

DESCRIPTION

       RADIUS authentication.

METHODS

       * new
	   This method takes a hash of parameters. The following options are valid:

	   * host  Connection host, can be a hostname or IP address. Defaults to "localhost".

		       host => 'ldap.company.com'
		       host => '10.0.0.1'

	   * port  Connection port, default to 1812.

		       port => 1645

	   * timeout
		   Connection timeout, defaults to 10.

		       timeout => 20

	   * secret
		   Shared secret. Required.

		       secret => 'mysecret'

	   * log   Any object that supports "debug", "info", "error" and "warn".

		       log => Log::Log4perl->get_logger('Authen::Simple::RADIUS')

       * authenticate( $username, $password )
	   Returns true on success and false on failure.

SEE ALSO

       Authen::Simple.

       Authen::Radius.

AUTHOR

       Christian Hansen "ch@ngmedia.com"

COPYRIGHT

       This program is free software, you can redistribute it and/or modify it under the same terms as Perl itself.

perl v5.8.8							    2008-03-01					       Authen::Simple::RADIUS(3pm)
Man Page