[tac_plus] TACACS+ Authorization via LDAP

Sachin.6.Gupta SG00123446 at TechMahindra.com
Thu Nov 7 17:42:29 UTC 2013


Would I have to write this script to generate the tac_plus.conf file from LDAP, or would it be available on the net? The LDAP server doesn't have to be on the same system, right? It would be a remote system.

So some sort of querying script would be required, I guess, to dump to the tac_plus.conf file, right?

Regards
________________________________________
From: heasley [heas at shrubbery.net]
Sent: Thursday, November 07, 2013 11:04 PM
To: Sachin.6.Gupta
Cc: heasley; tac_plus at shrubbery.net
Subject: Re: [tac_plus] TACACS+ Authorization via LDAP

Thu, Nov 07, 2013 at 09:24:04AM +0530, Sachin.6.Gupta:
> Thanks Heas for clarifying.
>
> However, I need the following: Authentication via LDAP (using PAM I guess) and Authorization and Accounting as it happens.
> But for Authorization how would I configure Users and Groups in TACACS+ when the same would be configured in LDAP.

perhaps use a cron job to dump ldap to build tac_plus.conf via cron?

it occurred to me that you could use an external script to do authorization
against ldap.  you'd have to write that script.

> Is there a how to link for this? Authentication via LDAP and Authorization also?
>
> TIA
>
> -----Original Message-----
> From: heasley [mailto:heas at shrubbery.net]
> Sent: Wednesday, November 06, 2013 10:39 PM
> To: Sachin.6.Gupta
> Cc: heasley; tac_plus at shrubbery.net
> Subject: Re: [tac_plus] TACACS+ Authorization via LDAP
>
> Wed, Nov 06, 2013 at 12:12:22PM +0530, Sachin.6.Gupta:
> > I found one link which states that Authorization via LDAP is not possible.
> > http://www.shrubbery.net/pipermail/tac_plus/2009-January/000332.html
> >
> > Quote:
> > "Currently, tac_plus only allows authentication using pam (since pam is only used for authentication anyway). Authorizations are still configured within the conf file, no ldap groups allowed :("
>
> sorry, i misread it - there is no facility for authorization via pam (or ldap).
>
> > Regards
> >
> > -----Original Message-----
> > From: tac_plus-bounces at shrubbery.net [mailto:tac_plus-bounces at shrubbery.net] On Behalf Of Sachin.6.Gupta
> > Sent: Wednesday, November 06, 2013 12:07 PM
> > To: heasley
> > Cc: tac_plus at shrubbery.net
> > Subject: Re: [tac_plus] TACACS+ Authorization via LDAP
> >
> > Thanks. Can you please provide more details on using PAM (LDAP) for Authorization?
> > Any links or mails would be helpful.
> >
> > -----Original Message-----
> > From: heasley [mailto:heas at shrubbery.net]
> > Sent: Wednesday, November 06, 2013 12:05 PM
> > To: Sachin.6.Gupta
> > Cc: tac_plus at shrubbery.net
> > Subject: Re: [tac_plus] TACACS+ Authorization via LDAP
> >
> > Wed, Nov 06, 2013 at 11:02:46AM +0530, Sachin.6.Gupta:
> > > Hi All,
> > >
> > > Is it possible to do TACACS+ Authorization via LDAP?
> > > I know that Authentication can be done via LDAP, but is TACACS+ authorization also possible?
> >
> > yes, via PAM.
> >
> > ============================================================
> > Disclaimer:  This message and the information contained herein is proprietary and confidential and subject to the Tech Mahindra policy statement, you may review the policy at http://www.techmahindra.com/Disclaimer.html externally and http://tim.techmahindra.com/tim/disclaimer.html internally within Tech Mahindra.
> > ============================================================
> > _______________________________________________
> > tac_plus mailing list
> > tac_plus at shrubbery.net
> > http://www.shrubbery.net/mailman/listinfo/tac_plus
> >
>


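Added example, not part of the thread and not code from tac_plus or its authors: a sketch of the "dump LDAP to build tac_plus.conf" approach suggested above. It assumes the directory exposes uid and memberOf, that the LDIF would come from a scheduled ldapsearch dump, and that the group names in GROUP_MAP are hypothetical tac_plus groups whose authorization rules stay hand-written in the static part of the config; only user stanzas are generated, with authentication left to PAM.

```python
import re
# Constructed sample of a scheduled `ldapsearch` LDIF dump (not real data).
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
uid: alice
memberOf: cn=netadmin,ou=groups,dc=example,dc=org

dn: uid=bob,ou=people,dc=example,dc=org
uid: bob
memberOf: cn=netops,ou=groups,dc=example,dc=org
memberOf: cn=staff,ou=groups,dc=example,dc=org

dn: uid=eve,ou=people,dc=example,dc=org
uid: eve } {
memberOf: cn=netadmin,ou=groups,dc=example,dc=org
"""

# Assumed mapping: LDAP group CN -> tac_plus group defined by hand in the
# static part of tac_plus.conf. Authorization policy itself is not generated.
GROUP_MAP = {"netadmin": "admin", "netops": "readonly"}
SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]{1,32}$")

def parse_ldif(text):
    """Yield (uid, [group CNs]) per entry; unfolded, non-base64 LDIF only."""
    for block in re.split(r"\n\s*\n", text.strip()):
        uid, groups = None, []
        for line in block.splitlines():
            key, _, val = line.partition(": ")
            if key == "uid":
                uid = val
            elif key == "memberOf":
                groups += re.findall(r"^cn=([^,]+),", val, re.I)
        if uid is not None:
            yield uid, groups

def render_users(entries):
    """Return (config_text, skipped_uids) with one user stanza per valid entry."""
    stanzas, skipped = [], []
    for uid, groups in entries:
        mapped = [GROUP_MAP[g] for g in groups if g in GROUP_MAP]
        # Skip names that could alter the config syntax; a tac_plus user
        # belongs to at most one group, so require exactly one mapped group.
        if not SAFE_NAME.match(uid) or len(mapped) != 1:
            skipped.append(uid)
            continue
        stanzas.append(f"user = {uid} {{\n    login = PAM\n    member = {mapped[0]}\n}}\n")
    if not stanzas:  # fail closed: an empty LDAP result must not wipe the config
        raise ValueError("no users rendered; keep the existing tac_plus.conf")
    return "\n".join(stanzas), skipped
```

The rendered text would be written to a temporary file, checked, and moved into place before tac_plus is told to reload; skipped entries are worth logging, since they mean the directory and the device access policy disagree.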
