From owner-freebsd-isp Fri Apr 30 4:26: 4 1999 Delivered-To: freebsd-isp@freebsd.org Received: from ppc1.cybertime.ch (ppc1.cybertime.ch [194.191.120.136]) by hub.freebsd.org (Postfix) with ESMTP id 235EF14FB0 for ; Fri, 30 Apr 1999 04:26:00 -0700 (PDT) (envelope-from pajarola@cybertime.ch) Received: from tiamat.dlc.cybertime.ch (tiamat.dlc.cybertime.ch [194.191.120.143]) by ppc1.cybertime.ch (8.9.2/8.9.2) with SMTP id NAA33336; Fri, 30 Apr 1999 13:24:10 +0200 Message-Id: <3.0.32.19990430132403.008c2c30@shrike.overmind.ch> X-Sender: pajarola@shrike.overmind.ch X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Fri, 30 Apr 1999 13:24:08 +0200 To: Dave Edwards From: Rico Pajarola Subject: Re: Tacacs Cc: freebsd-isp@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Stay away from tacacs (or xtacacs), use tacacs+, or radius. I am using tac_plus 2.1 from cisco (modified so that it writes accounting information into utmp/wtmp style files). I think it is in the ports collection. Development seems dead now though (no new releases or bugfixes for years). I haven't heard of any other free tacacs+ servers. Cisco also has a commercial tacacs+ server with ton's of features, but I don't think it runs on FreeBSD. Have a look at RADIUS, all newer ciscos support it, and it seems to be much more scalable, and there are several free and commercial servers to choose from. As for pam, there is a pam module that can authenticate to a tacplus (not tacacs), but encryption doesn't work, so you'll have to use plaintext (maybe this has been fixed in the meantime). See pam(8), tacplus.conf(5) and libtacplus(3). Rico At 19:10 99.04.30 +0930, you wrote: >Hi folks, > >Anyone seen Tacacs support for FreeBSD? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message