Библиотека сайта rus-linux.net
7.3. Internet User Authentication with TACACS
At my place of employment, for TACACS authentication of dial-up Internet users (who are connecting to our modem pool which are in turn connected to a couple of Cisco 250x access servers), we are using the Vikas version of "xtacacsd".
After compiling and installing the Vikas package (latest versions
are available from ftp://ftp.navya.com/pub/vikas; I don't believe the package is
available in RPM format), you should add the following entries to the
``/etc/inetd.conf'' file so that
the daemon will be loaded by the inetd daemon whenever a TACACS request
is received.
# TACACS is a user authentication protocol used for Cisco Router products. tacacs dgram udp wait root /etc/xtacacsd xtacacsd -c /etc/xtacacsd-conf |
Next, you should edit the
``/etc/xtacacsd-conf
Note: Note: If you are using shadow passwords (see Section 6.6 for details), you will have some problems with this package. Unfortunately, PAM (Pluggable Authentication Module), which Red Hat uses for user authentication, is not supported by this package. One workaround that I use is to keep a separate ``
'' file in ``passwd'' which matches the one in /etc/ but is non-shadowed. This is a bit of a hassle, and if you choose to do this make sure you set permissions on the other password file to make sure it is only readable by root:/usr/local/xtacacs/etc/
|
If you do indeed use shadow, you will most certainly need to edit
the ``/etc/xtacacsd-conf
The next step is to configure your access server(s) to authenticate logins for the desired devices (such as dial-up modems) with TACACS. Here is a sample session on how this is done:
|
All TACACS activity log messages will be recorded in
``/var/log/messages
| Prev | Home | Next |
| Domain Name Server (DNS) Configuration and Administration | Up | Windows-style File and Print Services with Samba |