Barry O'Donovan edited this page May 31, 2017 · 5 revisions

DEPRECATED IN V4: please use the new framework for this - see here

TACACS is used in most IXPs to manage access to switching and routing devices:

  • to allow staff access to these devices with administrative privileges;
  • to allow limited / full access to vendor support / TAC personnel;
  • to allow member user access to services such as the route collector.

IXP Manager can configure your TACACS service for you.

TACACS Configuration

See the default template files here. They are not meant to be used as is, but rather copied and skinned.

You can generate the configuration via:

APPLICATION_PATH/bin/ixptool.php -a router-cli.gen-tacacs-conf >/path/to/tac_plus.conf

A number of parameters can be specified on the command line via comma separated pairs such as -p param1=value1,param2=value2. These parameters are:

  • target - the configuration is taken from .../router-cli/tacacs/tacplus/index.cfg by default. Setting target will instead read from .../router-cli/tacacs/{$target}/index.cfg;
  • dstfile - if specified, instead of printing to stdout, the script will save the config in the given file.

Two other parameters can be set - secret and accountingfile - which are used in the header.cfg template file. These default to soopersecret and /var/log/tac_plus/tac_plus.log if not skinned or set as a parameter.

Needless to say, you will need to reload TACACS after generating the config file.
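A pre-reload check for the generated file, as an added example that is not part of IXP Manager: it refuses a config whose key is still the soopersecret default, is missing or too short, or whose file is accessible to other users. The function name check_tacacs_conf and the 16-character minimum are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not IXP Manager code): gate a generated tac_plus.conf
# before TACACS is reloaded.

DEFAULT_KEY='soopersecret'   # default from header.cfg, as stated on this page
MIN_KEY_LEN=16               # assumption: local policy, not an IXP Manager setting

# check_tacacs_conf FILE
# Returns 0 if FILE looks safe to deploy, 1 otherwise (reasons go to stderr).
check_tacacs_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "$conf: cannot read file" >&2; return 1; }

    # Collect the value of every quoted key = "..." line, global or per-host.
    # Unquoted or absent keys yield nothing and are rejected below.
    keys=$(sed -n 's/^[[:space:]]*key[[:space:]]*=[[:space:]]*"\([^"]*\)".*$/\1/p' "$conf")
    if [ -z "$keys" ]; then
        echo "$conf: no quoted key line found" >&2
        return 1
    fi

    # A here-document keeps the loop in this shell so rc survives it.
    while IFS= read -r k; do
        if [ "$k" = "$DEFAULT_KEY" ]; then
            echo "$conf: key is still the template default" >&2
            rc=1
        elif [ "${#k}" -lt "$MIN_KEY_LEN" ]; then
            # Also catches an unrendered {$secret} placeholder.
            echo "$conf: key shorter than $MIN_KEY_LEN characters" >&2
            rc=1
        fi
    done <<EOF
$keys
EOF

    # The file holds the shared secret: no read or write bit for "other".
    if [ -n "$(find "$conf" -prune \( -perm -004 -o -perm -002 \) 2>/dev/null)" ]; then
        echo "$conf: accessible to other users, use chmod 600" >&2
        rc=1
    fi
    return "$rc"
}

# Usage: check_tacacs_conf /path/to/tac_plus.conf && echo "ok to reload"
```

Run it against the file written via dstfile or the shell redirect, and only reload TACACS when it returns 0.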

Hiding the Key from Public Repos

The header.cfg file contains a line:

key = "{$secret}"

If you don't want to set this via the command line and would rather hardcode it in your skin, then change this line to:

{tmplinclude file='router-cli/tacacs/tacplus/key.cfg'}

and place something such as the following in that file:

key = "soopersecret"

Git will ignore these files via the pattern:
