[c-nsp] TACACS vs RADIUS
Matt Addison
matt.addison at lists.evilgeni.us
Mon Feb 27 23:13:54 EST 2012
On Feb 27, 2012, at 22:18, Jason 'XenoPhage' Frisvold
<xenophage at godshell.com> wrote:
> On Feb 27, 2012, at 8:25 PM, Nick Hilliard wrote:
>> www.shrubbery.net/tac_plus/
>>
>> Cisco wrote the original version but hasn't contributed anything for some
>> years. One great feature of this daemon is that it doesn't have a GUI, and
>> that it's fully configuration file based.
>>
>> Obviously if you don't like it, you should use something else.
>
> Actually, that's what we're using now and it works great. I was looking elsewhere because we have RADIUS which we need, and we have LDAP, which we need.. Mayhaps we can have tac_plus talk to LDAP? Though I haven't seen a way to do that as of yet ...
tac_plus can authenticate off LDAP through its PAM mode, however you
still need a tac_plus.conf defining the users. But that's probably
trivially scripted with ldapsearch and $scripting_language. Or just
make it part of your new hire checklist.
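
A sketch of the scripting step mentioned above, added here as an example and not part of the original message: it turns `ldapsearch -LLL` output into tac_plus.conf user stanzas that use `login = PAM`. The LDIF sample is constructed, and the `uid` attribute, the group name `netops` and the username allow-list are assumptions.

```python
import base64
import re

# Constructed sample of `ldapsearch -LLL ... uid` output (LDIF); not real data.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
uid: alice

dn: uid=bob,ou=people,dc=example,dc=com
uid:: Ym9i

dn: uid=mallory,ou=people,dc=example,dc=com
uid: mallory { x = y }

dn: uid=carol.d,ou=people,dc=exa
 mple,dc=com
uid: carol.d
"""

# Conservative allow-list (an assumption): directory values end up in a config
# file, so anything containing whitespace, braces or '=' is rejected.
SAFE_UID = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,31}")


def ldif_uids(ldif):
    """Return uid values from LDIF text, handling folded lines and base64."""
    unfolded = re.sub(r"\n ", "", ldif)  # RFC 2849 continuation lines
    uids = []
    for line in unfolded.splitlines():
        if line.startswith("uid:: "):  # double colon marks a base64 value
            uids.append(base64.b64decode(line[6:]).decode("utf-8", "replace"))
        elif line.startswith("uid: "):
            uids.append(line[5:])
    return uids


def render_users(uids, group="netops"):
    """Build tac_plus.conf user stanzas; return (config_text, rejected_uids)."""
    good = sorted({u for u in uids if SAFE_UID.fullmatch(u)})
    bad = [u for u in uids if not SAFE_UID.fullmatch(u)]
    stanzas = ["user = %s {\n    login = PAM\n    member = %s\n}\n" % (u, group)
               for u in good]
    return "\n".join(stanzas), bad


if __name__ == "__main__":
    config, rejected = render_users(ldif_uids(SAMPLE_LDIF))
    print(config)
    print("# rejected:", rejected)
```

Rejected values are returned rather than silently dropped so a cron job can alert on directory entries that would not make it into the generated file.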