[c-nsp] TACACS / RADIUS - Single Sign On
Bill Nash
billn at billn.net
Sun Nov 26 22:49:36 EST 2006
On Sun, 26 Nov 2006, Chris Allermann wrote:
> My initial vision was some sort of LDAP or SQL back end that talked to the
> radius and tacacs daemons. This architecture could then be expanded and
> used for authentication for corporate e-mail, access to proprietary systems,
> etc... Again, not trying to reinvent the wheel, just seeing if anybody has
> implemented such a system or has worked with a commercial alternative.
Without extending to email and that other stuff, we wound up hacking up
the MySQL backend extensions for tac_plus, and then hacked up a Perl
radius server to talk to the same db. We wound up with exactly what you're
looking for. If you've got the clue power lying around to do those kinds
of mods, they definitely pay for themselves over time, especially if
you're a RANCID-enabled shop.
- billn