Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
TacacsPlus(3)	      User Contributed Perl Documentation	 TacacsPlus(3)

NAME
       Authen::TacacsPlus - Perl extension for authentication using tacacs+
       server

SYNOPSIS
	 use Authen::TacacsPlus;

	 $tac =	new Authen::TacacsPlus(Host=>$server,
			       Key=>$key,
			       [Port=>'tacacs'],
			       [Timeout=>15]);

	 or

	 $tac =	new Authen::TacacsPlus(
	    [ Host=>$server1, Key=>$key1, [Port=>'tacacs'], [Timeout=>15] ],
	    [ Host=>$server2, Key=>$key2, [Port=>'tacacs'], [Timeout=>15] ],
	    [ Host=>$server3, Key=>$key3, [Port=>'tacacs'], [Timeout=>15] ],
	    ...	 );

	 $tac->authen($username,$passwords);

	 Authen::TacacsPlus::errmsg();

	 $tac->close();

DESCRIPTION
       Authen::TacacsPlus allows you to	authenticate using tacacs+ server.

	 $tac =	new Authen::TacacsPlus(Host=>$server,
			       Key=>$key,
			       [Port=>'tacacs'],
			       [Timeout=>15]);

       Opens new session with tacacs+ server on	host $server, encrypted	with
       key $key. Undefined object is returned if something wrong (check
       errmsg()).

       With a list of servers the order	is relevant. It	checks the
       availability of the Tacacs+ service using the order you defined.

	 Authen::TacacsPlus::errmsg();

       Returns last error message.

	 $tac->authen($username,$password,$authen_type);

       Tries an	authentication with $username and $password. 1 is returned if
       authenticaton succeded and 0 if failed (check errmsg() for reason).

       $authen_type is an optional argument that specifies what	type of
       authentication to perform. Allowable options are:
       Authen::TacacsPlus::TAC_PLUS_AUTHEN_TYPE_ASCII (default)
       Authen::TacacsPlus::TAC_PLUS_AUTHEN_TYPE_PAP
       Authen::TacacsPlus::TAC_PLUS_AUTHEN_TYPE_CHAP

       ASCII uses Tacacs+ version 0, and will authenticate against the "login"
       or "global" password on the Tacacs+ server. If no authen_type is
       specified, it defaults to this type of authentication.

       PAP uses	Tacacs+	version	1, and will authenticate against the "pap" or
       "global"	password on the	Tacacs+	server.

       CHAP uses Tacacs+ version 1, and	will authenticate against the "chap"
       or "global" password on the Tacacs+ server. With	CHAP, the password if
       formed by the concatenation of
	 chap id + chap	challenge + chap response

       There is	example	code in	test.pl

       If you use a list of servers you	can continue using $tac->authen	if one
       of them goes down or become unreachable.

	 $tac->close();

       Closes session with tacacs+ server.

EXAMPLE
	 use Authen::TacacsPlus;

	 $tac =	new Authen::TacacsPlus(Host=>'foo.bar.ru',Key=>'9999');
	 unless	($tac){
		 print "Error: ",Authen::TacacsPlus::errmsg(),"\n";
		 exit(1);
	 }
	 if ($tac->authen('john','johnpass')){
		 print "Granted\n";
	 } else	{
		 print "Denied:	",Authen::TacacsPlus::errmsg(),"\n";
	 }
	 $tac->close();

AUTHOR
       Mike Shoyher, msh@corbina.net, msh@apache.lexa.ru

       Mike McCauley, mikem@airspayce.com

BUGS
       only authentication is supported

       only one	session	may be active (you have	to close one session before
       opening another one)

SEE ALSO
       perl(1).

perl v5.24.1			  2015-12-07			 TacacsPlus(3)

NAME | SYNOPSIS | DESCRIPTION | EXAMPLE | AUTHOR | BUGS | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=Authen::TacacsPlus&sektion=3&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help