Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

tacplus.conf(5) [freebsd man page]

TACPLUS.CONF(5) 					      BSD File Formats Manual						   TACPLUS.CONF(5)

NAME

     tacplus.conf -- TACACS+ client configuration file

SYNOPSIS

     /etc/tacplus.conf

DESCRIPTION

     tacplus.conf contains the information necessary to configure the TACACS+ client library.  It is parsed by tac_config() (see libtacplus(3)).
     The file contains one or more lines of text, each describing a single TACACS+ server which is to be used by the library.  Leading white space
     is ignored, as are empty lines and lines containing only comments.

     A TACACS+ server is described by two to four fields on a line.  The fields are separated by white space.  The '#' character at the beginning
     of a field begins a comment, which extends to the end of the line.  A field may be enclosed in double quotes, in which case it may contain
     white space and/or begin with the '#' character.  Within a quoted string, the double quote character can be represented by '"', and the
     backslash can be represented by '\'.  No other escape sequences are supported.

     The first field specifies the server host, either as a fully qualified domain name or as a dotted-quad IP address.  The host may optionally
     be followed by a ':' and a numeric port number, without intervening white space.  If the port specification is omitted, it defaults to 49,
     the standard TACACS+ port.

     The second field contains the shared secret, which should be known only to the client and server hosts.  It is an arbitrary string of charac-
     ters, though it must be enclosed in double quotes if it contains white space or is empty.	An empty secret disables the normal encryption
     mechanism, causing all data to cross the network in cleartext.

     The third field contains a decimal integer specifying the timeout in seconds for communicating with the server.  The timeout applies sepa-
     rately to each connect, write, and read operation.  If this field is omitted, it defaults to 3 seconds.

     The optional fourth field may contain the string 'single-connection'.  If this option is included, the library will attempt to negotiate with
     the server to keep the TCP connection open for multiple sessions.	Some older TACACS+ servers become confused if this option is specified.

     Up to 10 TACACS+ servers may be specified.  The servers are tried in order, until a valid response is received or the list is exhausted.

     The standard location for this file is /etc/tacplus.conf.	An alternate pathname may be specified in the call to tac_config() (see
     libtacplus(3)).  Since the file contains sensitive information in the form of the shared secrets, it should not be readable except by root.

FILES

     /etc/tacplus.conf

EXAMPLES

     # A simple entry using all the defaults:
     tacserver.domain.com    OurLittleSecret

     # A server using a non-standard port, with an increased timeout and
     # the "single-connection" option.
     auth.domain.com:4333    "Don't tell!!"  15      single-connection

     # A server specified by its IP address:
     192.168.27.81	     $X*#..38947ax-+=

SEE ALSO

     libtacplus(3)

AUTHORS

     This documentation was written by John Polstra, and donated to the FreeBSD project by Juniper Networks, Inc.

BSD
								   July 29, 1998							       BSD

Check Out this Related Man Page

RADIUS_ADD_SERVER(3)							 1						      RADIUS_ADD_SERVER(3)

radius_add_server - Adds a server

SYNOPSIS

       bool radius_add_server (resource  $radius_handle, string  $hostname, int  $port, string	$secret, int  $timeout, int  $max_tries)

DESCRIPTION

       radius_add_server(3)  may be called multiple times, and it may be used together with radius_config(3). At most 10 servers may be specified.
       When multiple servers are given, they are tried in round-robin fashion  until  a  valid	response  is  received,  or  until  each  server's
       $max_tries limit has been reached.

PARAMETERS

	      o $radius_handle
		-

	      o $hostname
		-  The	$hostname  parameter  specifies the server host, either as a fully qualified domain name or as a dotted-quad IP address in
		text form.

	      o $port
		- The $port specifies the UDP port to contact on the server. If port is given as  0,  the  library  looks  up  the  radius/udp	or
		radacct/udp  service  in  the network services database, and uses the port found there. If no entry is found, the library uses the
		standard Radius ports, 1812 for authentication and 1813 for accounting.

	      o $secret
		- The shared secret for the server host is passed to the $secret parameter. The Radius protocol ignores all but  the  leading  128
		bytes of the shared secret.

	      o $timeout
		- The timeout for receiving replies from the server is passed to the $timeout parameter, in units of seconds.

	      o $max_tries
		- The maximum number of repeated requests to make before giving up is passed into the $max_tries.

RETURN VALUES

	Returns TRUE on success or FALSE on failure.

EXAMPLES

       Example #1

	      radius_add_server(3) example

	      <?php
	      if (!radius_add_server($res, 'radius.example.com', 1812, 'testing123', 3, 3)) {
		  echo 'RadiusError:' . radius_strerror($res). "
<br>";
		  exit;
	      }
	      ?>

SEE ALSO

       radius_config(3).

PHP Documentation Group 												      RADIUS_ADD_SERVER(3)
Man Page

Featured Tech Videos