.\" -*- mode: troff; coding: utf-8 -*-
.\" Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
.ie n \{\
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
.    if \nF \{\
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{\
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "TacacsPlus 3pm"
.TH TacacsPlus 3pm 2024-01-10 "perl v5.38.2" "User Contributed Perl Documentation"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH NAME
Authen::TacacsPlus \- Perl extension for authentication using tacacs+ server
.SH SYNOPSIS
.IX Header "SYNOPSIS"
.Vb 1
\&  use Authen::TacacsPlus;
\&
\&  $tac = new Authen::TacacsPlus(Host=>$server,
\&                        Key=>$key,
\&                        Port=>\*(Aqtacacs\*(Aq,
\&                        Timeout=>15);
\&
\&  or
\&
\&  $tac = new Authen::TacacsPlus(
\&        [ Host=>$server1, Key=>$key1, Port=>\*(Aqtacacs\*(Aq, Timeout=>15 ],
\&        [ Host=>$server2, Key=>$key2, Port=>\*(Aqtacacs\*(Aq, Timeout=>15 ],
\&        [ Host=>$server3, Key=>$key3, Port=>\*(Aqtacacs\*(Aq, Timeout=>15 ],
\&        ...  );
\&
\&  $tac\->authen($username,$password);
\&
\&  Authen::TacacsPlus::errmsg();
\&
\&  $tac\->close();
.Ve
.SH DESCRIPTION
.IX Header "DESCRIPTION"
Authen::TacacsPlus allows you to authenticate using a tacacs+ server.
.PP
.Vb 4
\&  $tac = new Authen::TacacsPlus(Host=>$server,
\&                        Key=>$key,
\&                        Port=>\*(Aqtacacs\*(Aq,
\&                        Timeout=>15);
.Ve
.PP
Opens a new session with the tacacs+ server on host \f(CW$server\fR, encrypted
with key \f(CW$key\fR. An undefined object is returned if something goes wrong
(check \fBerrmsg()\fR).
.PP
With a list of servers the order is relevant. It checks the availability
of the Tacacs+ service using the order you defined.
.PP
.Vb 1
\&  Authen::TacacsPlus::errmsg();
.Ve
.PP
Returns the last error message.
.PP
.Vb 1
\&  $tac\->authen($username,$password,$authen_type);
.Ve
.PP
Tries an authentication with \f(CW$username\fR and \f(CW$password\fR. 1 is returned if
authentication succeeded and 0 if it failed (check \fBerrmsg()\fR for the reason).
.PP
\&\f(CW$authen_type\fR is an optional argument that specifies what type
of authentication to perform.
Allowable options are:
Authen::TacacsPlus::TAC_PLUS_AUTHEN_TYPE_ASCII (default)
Authen::TacacsPlus::TAC_PLUS_AUTHEN_TYPE_PAP
Authen::TacacsPlus::TAC_PLUS_AUTHEN_TYPE_CHAP
.PP
ASCII uses Tacacs+ version 0, and will authenticate against the "login"
or "global" password on the Tacacs+ server. If no authen_type is specified,
it defaults to this type of authentication.
.PP
PAP uses Tacacs+ version 1, and will authenticate against the "pap"
or "global" password on the Tacacs+ server.
.PP
CHAP uses Tacacs+ version 1, and will authenticate against the "chap"
or "global" password on the Tacacs+ server. With CHAP, the password is
formed by the concatenation of chap id + chap challenge + chap response.
.PP
There is example code in test.pl.
.PP
If you use a list of servers you can continue using \f(CW$tac\fR\->authen if
one of them goes down or becomes unreachable.
.PP
.Vb 1
\&  $tac\->close();
.Ve
.PP
Closes the session with the tacacs+ server.
.SH EXAMPLE
.IX Header "EXAMPLE"
.Vb 1
\&  use Authen::TacacsPlus;
\&
\&
\&  $tac = new Authen::TacacsPlus(Host=>\*(Aqfoo.bar.ru\*(Aq,Key=>\*(Aq9999\*(Aq);
\&  unless ($tac){
\&          print "Error: ",Authen::TacacsPlus::errmsg(),"\en";
\&          exit(1);
\&  }
\&  if ($tac\->authen(\*(Aqjohn\*(Aq,\*(Aqjohnpass\*(Aq)){
\&          print "Granted\en";
\&  } else {
\&          print "Denied: ",Authen::TacacsPlus::errmsg(),"\en";
\&  }
\&  $tac\->close();
.Ve
.SH AUTHOR
.IX Header "AUTHOR"
Mike Shoyher, msh@corbina.net, msh@apache.lexa.ru
.PP
Mike McCauley, mikem@airspayce.com
.SH BUGS
.IX Header "BUGS"
Only authentication is supported.
.PP
Only one session may be active (you have to close one session before
opening another one).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBperl\fR\|(1).
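.PP
The CHAP password layout and the ordered server list described in DESCRIPTION, as an added example (not code from the module or its author). The host names, the environment variable names and the account are assumptions made up here, and the response is computed as MD5(id + password + challenge), the RFC 1994 definition, which this page does not spell out.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Authen::TacacsPlus;
use Digest::MD5 qw(md5);

# Assumed inputs: the environment variable names, host names and account
# below are placeholders for this example, not values from the man page.
my ($key, $pass) = @ENV{qw(TACACS_KEY TACACS_PASS)};
die "set TACACS_KEY and TACACS_PASS\n" unless defined $key && defined $pass;
my $user = 'john';

# One array reference per server; they are tried in the order listed.
my @servers = map { [ Host => $_, Key => $key, Port => 'tacacs', Timeout => 15 ] }
              qw(tac1.example.net tac2.example.net);

# Build the CHAP "password": chap id + chap challenge + chap response,
# with response = MD5(id . password . challenge) as defined in RFC 1994.
sub chap_password {
    my ($password) = @_;
    open(my $rnd, '<:raw', '/dev/urandom') or die "urandom: $!\n";
    my $got = read($rnd, my $buf, 17);
    close($rnd);
    die "short read from /dev/urandom\n" unless defined $got && $got == 17;
    my $id        = substr($buf, 0, 1);    # one-octet CHAP identifier
    my $challenge = substr($buf, 1, 16);   # fresh 16-octet challenge
    return $id . $challenge . md5($id . $password . $challenge);
}

my $tac = Authen::TacacsPlus->new(@servers)
    or die "Error: ", Authen::TacacsPlus::errmsg(), "\n";

my $ok = $tac->authen($user, chap_password($pass),
                      Authen::TacacsPlus::TAC_PLUS_AUTHEN_TYPE_CHAP());
if ($ok) {
    print "Granted\n";
} else {
    print "Denied: ", Authen::TacacsPlus::errmsg(), "\n";
}

# Only one session may be active, so close before opening another.
$tac->close();
```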