Barry O'Donovan edited this page Sep 5, 2013 · 2 revisions

TACACS is used in most IXPs to manage access to switching and routing devices:

  • to allow staff access to these devices with administrative privileges;
  • to allow limited / full access to vendor support / TAC personnel;
  • to allow member user access to services such as the route collector.

IXP Manager can configure your TACACS service for you.

TACACS Configuration

See the default template files here, which are not meant to be used as is but rather copied and skinned.

You can generate the configuration via:

APPLICATION_PATH/bin/ixptool.php -a router-cli.gen-tacacs-conf >/path/to/tac_plus.conf

A number of parameters can be specified on the command line via comma-separated pairs such as -p param1=value1,param2=value2. These parameters are:

  • target - the configuration is taken from .../router-cli/tacacs/tacplus/index.cfg by default. Setting target will instead read from .../router-cli/tacacs/{$target}/index.cfg;
  • dstfile - if specified, instead of printing to stdout, the script will save the config in the given file.

Two other parameters can be set - secret and accountingfile - which will be used in the header.cfg template file. These default to soopersecret and /var/log/tac_plus/tac_plus.log respectively if not skinned or set as a parameter.

Needless to say, you will need to reload TACACS after generating the config file.
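A check that can be run on the generated file before the reload, as an added example that is not part of IXP Manager: it rejects a config that still carries the template default secret or an unexpanded {$secret}, or that is accessible to group/other. The function name check_tacacs_conf is hypothetical, and the key line is assumed to have the quoted form shown in header.cfg.

```shell
#!/bin/sh
# Added example, not part of IXP Manager. check_tacacs_conf is a hypothetical
# helper name; it assumes the key line has the form used in header.cfg:
#   key = "..."

check_tacacs_conf() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "ERROR: cannot read $conf" >&2
        return 2
    fi

    # Value of the first key = "..." line in the generated file.
    key=$(sed -n 's/^[[:space:]]*key[[:space:]]*=[[:space:]]*"\([^"]*\)".*$/\1/p' "$conf" | head -n 1)

    if [ -z "$key" ]; then
        echo "FAIL: no key value found in $conf" >&2
        return 1
    fi
    case $key in
        soopersecret)
            echo "FAIL: $conf still uses the template default secret" >&2
            return 1 ;;
        *'{$'*)
            echo "FAIL: $conf contains an unexpanded template variable" >&2
            return 1 ;;
    esac

    # The file holds the shared secret, so group and other should have no
    # access (characters 5-10 of the ls mode string).
    perms=$(ls -ld "$conf" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $conf is accessible to group/other ($perms)" >&2
        return 1
    fi

    echo "OK: $conf"
    return 0
}

# Usage: sh check_tacacs_conf.sh /path/to/tac_plus.conf
if [ "$#" -gt 0 ]; then
    check_tacacs_conf "$1"
fi
```

A non-zero exit status means the reload should be skipped until the secret or the file mode has been corrected.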

Hiding the Key from Public Repos

The header.cfg file contains a line:

key = "{$secret}"

If you don't want to set this via the command line and would rather hardcode it in your skin, then change this line to:

{tmplinclude file='router-cli/tacacs/tacplus/key.cfg'}

and place something such as the following in that file:

key = "soopersecret"

Git will ignore these files via the pattern:

application/views/_skins/*/router-cli/tacacs/*/key.cfg