.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" ======================================================================== .\" .IX Title "TacacsPlus 3pm" .TH TacacsPlus 3pm "2020-11-08" "perl v5.32.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" Authen::TacacsPlus \- Perl extension for authentication using tacacs+ server .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& use Authen::TacacsPlus; \& \& $tac = new Authen::TacacsPlus(Host=>$server, \& Key=>$key, \& Port=>\*(Aqtacacs\*(Aq, \& Timeout=>15); \& \& or \& \& $tac = new Authen::TacacsPlus( \& [ Host=>$server1, Key=>$key1, Port=>\*(Aqtacacs\*(Aq, Timeout=>15 ], \& [ Host=>$server2, Key=>$key2, Port=>\*(Aqtacacs\*(Aq, Timeout=>15 ], \& [ Host=>$server3, Key=>$key3, Port=>\*(Aqtacacs\*(Aq, Timeout=>15 ], \& ... ); \& \& $tac\->authen($username,$passwords); \& \& Authen::TacacsPlus::errmsg(); \& \& $tac\->close(); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" Authen::TacacsPlus allows you to authenticate using tacacs+ server. .PP .Vb 4 \& $tac = new Authen::TacacsPlus(Host=>$server, \& Key=>$key, \& Port=>\*(Aqtacacs\*(Aq, \& Timeout=>15); .Ve .PP Opens new session with tacacs+ server on host \f(CW$server\fR, encrypted with key \f(CW$key\fR. Undefined object is returned if something wrong (check \fBerrmsg()\fR). .PP With a list of servers the order is relevant. It checks the availability of the Tacacs+ service using the order you defined. .PP .Vb 1 \& Authen::TacacsPlus::errmsg(); .Ve .PP Returns last error message. .PP .Vb 1 \& $tac\->authen($username,$password,$authen_type); .Ve .PP Tries an authentication with \f(CW$username\fR and \f(CW$password\fR. 1 is returned if authenticaton succeded and 0 if failed (check \fBerrmsg()\fR for reason). .PP \&\f(CW$authen_type\fR is an optional argument that specifies what type of authentication to perform. Allowable options are: Authen::TacacsPlus::TAC_PLUS_AUTHEN_TYPE_ASCII (default) Authen::TacacsPlus::TAC_PLUS_AUTHEN_TYPE_PAP Authen::TacacsPlus::TAC_PLUS_AUTHEN_TYPE_CHAP .PP \&\s-1ASCII\s0 uses Tacacs+ version 0, and will authenticate against the \*(L"login\*(R" or \*(L"global\*(R" password on the Tacacs+ server. If no authen_type is specified, it defaults to this type of authentication. .PP \&\s-1PAP\s0 uses Tacacs+ version 1, and will authenticate against the \*(L"pap\*(R" or \*(L"global\*(R" password on the Tacacs+ server. .PP \&\s-1CHAP\s0 uses Tacacs+ version 1, and will authenticate against the \*(L"chap\*(R" or \*(L"global\*(R" password on the Tacacs+ server. With \s-1CHAP,\s0 the password if formed by the concatenation of chap id + chap challenge + chap response .PP There is example code in test.pl .PP If you use a list of servers you can continue using \f(CW$tac\fR\->authen if one of them goes down or become unreachable. .PP .Vb 1 \& $tac\->close(); .Ve .PP Closes session with tacacs+ server. .SH "EXAMPLE" .IX Header "EXAMPLE" .Vb 1 \& use Authen::TacacsPlus; \& \& \& $tac = new Authen::TacacsPlus(Host=>\*(Aqfoo.bar.ru\*(Aq,Key=>\*(Aq9999\*(Aq); \& unless ($tac){ \& print "Error: ",Authen::TacacsPlus::errmsg(),"\en"; \& exit(1); \& } \& if ($tac\->authen(\*(Aqjohn\*(Aq,\*(Aqjohnpass\*(Aq)){ \& print "Granted\en"; \& } else { \& print "Denied: ",Authen::TacacsPlus::errmsg(),"\en"; \& } \& $tac\->close(); .Ve .SH "AUTHOR" .IX Header "AUTHOR" Mike Shoyher, msh@corbina.net, msh@apache.lexa.ru .PP Mike McCauley, mikem@airspayce.com .SH "BUGS" .IX Header "BUGS" only authentication is supported .PP only one session may be active (you have to close one session before opening another one) .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBperl\fR\|(1).