[tac_plus] A question concerning the availability of the tac_plus complete command reference chart

Alan McKinnon alan.mckinnon at gmail.com
Thu Jul 10 14:58:49 UTC 2014 

On 10/07/2014 14:16, Bartlomiej Kos wrote:
> Dear Shrubbery Inc.,
> 
> First of all, thank you for developing your flavour of the TACACS server.
> It is an invaluable tool for one needing to set up a centralised AAA system
> when one's funds are limited.
> 
> I have already had some success establishing a working environment with
> your server using the version available in the standard 7.5.0 Debian Wheezy
> package repository, but would like to get the most from your server, so
> that my users could enjoy a seamless working environment. Unfortunately, I
> have found out the hard way that the decumentation concerning your server's
> configuration directives is rather scarce, and even though the manpages do
> offer some command reference, the server configuration is mostly a
> trial-and-error process. I believe that if I had a complete command
> reference chart at hand I could do a better job with configuring the
> server, and so I would like to ask you if such a chart is available. If it
> is, could you point me the way to it, or tell me what I should do to obtain
> one?


Nothing like the docs you are looking for has come to light here in the
past 6 years, so I doubt such a thing exists. Do keep in mind that the
original code base and docs come from Cisco all those years ago, all
that shrubbery has done is extend the code base.

There are two areas that cause folks trouble with tac_plus:

- the tacacs protocol itself has docs but they are hard to find - there
is one draft RFC out there that expired ages ago but Cisco's kit at
least still mostly follows it. It can be really hard to figure out what
Tacacs itself allows you to do.

- the server config file is limited in what it can do. For example,
there's  concept of a group but a user can only belong to one group, and
that group can only belong to one group, etc.

Both of these concepts cause folk endless trouble if you start out with
assumptions that are incorrect.

What specific aspects of using tac_plus are you having trouble with?



-- 
Alan McKinnon
alan.mckinnon at gmail.com

More information about the tac_plus mailing list