Skip site navigation (1)Skip section navigation (2)

FreeBSD Man Pages

Man Page or Keyword Search:
Man Architecture
Apropos Keyword Search (all sections) Output format
home | help
TACPLUS.CONF(5)           FreeBSD File Formats Manual          TACPLUS.CONF(5)

NAME
     tacplus.conf - TACACS+ client configuration file

SYNOPSIS
     /etc/tacplus.conf

DESCRIPTION
     tacplus.conf contains the information necessary to configure the TACACS+
     client library.  It is parsed by tac_config() (see libtacplus(3)).  The
     file contains one or more lines of text, each describing a single TACACS+
     server which is to be used by the library.  Leading white space is
     ignored, as are empty lines and lines containing only comments.

     A TACACS+ server is described by two to four fields on a line.  The
     fields are separated by white space.  The `#' character at the beginning
     of a field begins a comment, which extends to the end of the line.  A
     field may be enclosed in double quotes, in which case it may contain
     white space and/or begin with the `#' character.  Within a quoted string,
     the double quote character can be represented by `\"', and the backslash
     can be represented by `\\'.  No other escape sequences are supported.

     The first field specifies the server host, either as a fully qualified
     domain name or as a dotted-quad IP address.  The host may optionally be
     followed by a `:' and a numeric port number, without intervening white
     space.  If the port specification is omitted, it defaults to 49, the
     standard TACACS+ port.

     The second field contains the shared secret, which should be known only
     to the client and server hosts.  It is an arbitrary string of characters,
     though it must be enclosed in double quotes if it contains white space or
     is empty.  An empty secret disables the normal encryption mechanism,
     causing all data to cross the network in cleartext.

     The third field contains a decimal integer specifying the timeout in
     seconds for communicating with the server.  The timeout applies
     separately to each connect, write, and read operation.  If this field is
     omitted, it defaults to 3 seconds.

     The optional fourth field may contain the string `single-connection'.  If
     this option is included, the library will attempt to negotiate with the
     server to keep the TCP connection open for multiple sessions.  Some older
     TACACS+ servers become confused if this option is specified.

     Up to 10 TACACS+ servers may be specified.  The servers are tried in
     order, until a valid response is received or the list is exhausted.

     The standard location for this file is /etc/tacplus.conf.  An alternate
     pathname may be specified in the call to tac_config() (see
     libtacplus(3)).  Since the file contains sensitive information in the
     form of the shared secrets, it should not be readable except by root.

FILES
     /etc/tacplus.conf

EXAMPLES
     # A simple entry using all the defaults:
     tacserver.domain.com    OurLittleSecret

     # A server using a non-standard port, with an increased timeout and
     # the "single-connection" option.
     auth.domain.com:4333    "Don't tell!!"  15      single-connection

     # A server specified by its IP address:
     192.168.27.81           $X*#..38947ax-+=

SEE ALSO
     libtacplus(3)

AUTHORS
     This documentation was written by John Polstra, and donated to the
     FreeBSD project by Juniper Networks, Inc.

FreeBSD 11.0-PRERELEASE          July 29, 1998         FreeBSD 11.0-PRERELEASE

NAME | SYNOPSIS | DESCRIPTION | FILES | EXAMPLES | SEE ALSO | AUTHORS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=tacplus.conf&sektion=5&manpath=FreeBSD+4.7-RELEASE>

home | help