Библиотека сайта rus-linux.net
At my place of employment, for TACACS authentication of dial-up Internet users (who are connecting to our modem pool which are in turn connected to a couple of Cisco 250x access servers), we are using the Vikas version of "xtacacsd".
After compiling and installing the Vikas package (latest versions
are available from ftp://ftp.navya.com/pub/vikas; I don't believe the package is
available in RPM format), you should add the following entries to the
/etc/inetd.conf'' file so that
the daemon will be loaded by the inetd daemon whenever a TACACS request
# TACACS is a user authentication protocol used for Cisco Router products. tacacs dgram udp wait root /etc/xtacacsd xtacacsd -c /etc/xtacacsd-conf
Next, you should edit the
'' file and
customize it, as necessary, for your system (however you will probably be
able to use the default settings as-is).
Note: Note: If you are using shadow passwords (see Section 6.6 for details), you will have some problems with this package. Unfortunately, PAM (Pluggable Authentication Module), which Red Hat uses for user authentication, is not supported by this package. One workaround that I use is to keep a separate ``
'' file in ``
'' which matches the one in /etc/ but is non-shadowed. This is a bit of a hassle, and if you choose to do this make sure you set permissions on the other password file to make sure it is only readable by root:
If you do indeed use shadow, you will most certainly need to edit
and location of the non-shadowed password file (assuming you are using
the workaround I have suggested above).
The next step is to configure your access server(s) to authenticate logins for the desired devices (such as dial-up modems) with TACACS. Here is a sample session on how this is done:
All TACACS activity log messages will be recorded in
'' for your
|Domain Name Server (DNS) Configuration and Administration||Up||Windows-style File and Print Services with Samba|
Только зарегистрированные пользователи могут оценивать и комментировать статьи.