TAC Plus

- Config file: /usr/local/etc/tac_plus.cfg
- Service definition: /usr/lib/systemd/system/tac_plus.service
- Start/Stop/Status: systemctl start/stop/status tac_plus
- Logs: /var/log/tac_plus/ (rotation setup via logrotate daemon)

Currently you guys are set up with cleartext passwords. To change this:

- Run the openssl passwd command to obtain an encrypted password
- Edit the tac_plus.cfg file, and modify your password entry to match mine. It should look like this:
  password = crypt "gobbledygook"
- Restart the tac_plus service

Conf:

#!/usr/local/sbin/tac_plus
# TACACS configuration file /usr/local/etc/tac_plus.cfg, to be used by /usr/local/bin/tac_plus
# NOTE: Use the following command to create encrypted passwords: openssl passwd
# Version: 1.0
# Author: The Dude
# Changelist:
# 18/2/2016 - FT - v1.0 - Initial Deployment

id = spawnd {
    listen = { port = 49 }
    spawn = {
        instances min = 1
        instances max = 10
    }
    background = no
}

id = tac_plus {
    #debug = PACKET AUTHEN AUTHOR

    # One log file per day for authentication and for authorization
    authentication log = /var/log/tac_plus/authentication-%Y%m%d.log
    authorization log = /var/log/tac_plus/authorization-%Y%m%d.log
    authorization log group = yes

    # Matches every client address; all devices share this one key
    host = 0.0.0.0/0 {
        key = "cisco"
    }

    # Members get privilege level 15 with every command permitted
    group = admin {
        default service = permit
        enable = login
        service = shell {
            default command = permit
            default attribute = permit
            set priv-lvl = 15
        }
    }

    user = admin2 {
        password = crypt "bN/LNiaqd6gGI"
        member = admin
    }

    user = admin3 {
        password = crypt "0lCl81CXLv4do"
        member = admin
    }

    user = admin4 {
        password = crypt "$1$/kSsQeSg$60TK.cwkz3GxYwQXo5boh."
        member = admin
    }
}
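An added example, not part of the original notes: a small Python audit that reads a tac_plus.cfg in the syntax shown above and reports which scheme each user's password entry uses, so leftover cleartext entries and 13-character DES hashes are easy to spot after the password change described at the top. The `clear` keyword, the user names and every value in the sample are constructed assumptions, not taken from the page.

```python
import re

# Constructed sample in the page's syntax. The "clear" keyword and every
# value below are assumptions/placeholders, not real credentials or hashes.
SAMPLE_CFG = '''
id = tac_plus {
    user = alice {
        password = clear "example-cleartext"
    }
    user = bob {
        password = crypt "abCONSTRUCTED"
    }
    user = carol {
        password = crypt "$1$SALTSALT$CONSTRUCTEDPLACEHOLDER"
    }
}
'''

USER_RE = re.compile(r'^\s*user\s*=\s*(\S+)\s*\{')
PASS_RE = re.compile(r'^\s*password\s*=\s*(clear|crypt)\s+"?([^"\s]+)"?')
DES_RE = re.compile(r'^[./0-9A-Za-z]{13}$')  # traditional DES crypt(3) format
PREFIXES = {"$1$": "md5-crypt", "$5$": "sha256-crypt", "$6$": "sha512-crypt"}
WEAK = {"cleartext", "des-crypt", "unknown"}  # DES crypt uses only 8 characters

def classify(kind, value):
    if kind == "clear":
        return "cleartext"
    for prefix, name in PREFIXES.items():
        if value.startswith(prefix):
            return name
    return "des-crypt" if DES_RE.match(value) else "unknown"

def audit(cfg_text):  # -> [(user, scheme)] for password lines in user blocks
    findings, user, user_depth, depth = [], None, 0, 0
    for line in cfg_text.splitlines():
        m = USER_RE.match(line)
        if m:
            user, user_depth = m.group(1), depth
        m = PASS_RE.match(line)
        if m and user:
            findings.append((user, classify(m.group(1), m.group(2))))
        depth += line.count("{") - line.count("}")
        if user and depth <= user_depth:
            user = None  # closing brace of the user block reached
    return findings

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE_CFG):
        print(f"{user:8} {scheme:13} {'REVIEW' if scheme in WEAK else ''}")
```

To check a real file, pass its contents to `audit()` instead of `SAMPLE_CFG`; entries reported as `cleartext` or `des-crypt` are the ones to regenerate.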
