Wednesday, July 29, 2009

New TACACS+ (tac_plus) server package

Over the last couple of weeks I have been working on packaging, testing and patching a TACACS+ server to work with Ubuntu Server.

I figured it was time to post up a quick blog about this package, and hopefully see what interest there was out there for this service.

What is TACACS+ and what does the tac_plus package provide?

TACACS+ (Terminal Access Controller Access-Control System Plus) is a protocol which provides access control for routers, network access servers and other networked computing devices via one or more centralized servers. TACACS+ provides separate authentication, authorization and accounting services.

This package provides the server (daemon) for TACACS+ which responds to authentication requests from a RAS (Remote Access Server). The daemon will validate the request against an SQL database, and provide authorization and the level of access, if the authentication passes. The RAS can also provide accounting information to the daemon, for logging purposes.

Please note, there are other implementations of the TACACS+ protocol out there, some of which are unmaintained. This particular version is maintained and is a complete re-write of the TACACS+ daemon from Cisco Systems, and has been implemented in C++. It is under heavy development, and there may be some bugs or missing features in this release. I am working with the author to ensure these things get properly reported and addressed as they are discovered.

Where is this package available for testing?

It is currently in beta testing in my PPA: https://launchpad.net/~roderick-greening/+archive/ppa

Where can I get the source?

The source is currently hosted at http://www.networkforums.net/, and you will need to register for an account to access the download area. I am working with the author to get this hosted in a proper repository like SourceForge, GitHub, Launchpad, etc. Please be patient while we work these details out.

The Web UI for configuration is not yet packaged. You will need to get the tgz from the main site until I get it packaged.

Why this version and not some other?

1) Fairly new project
2) Active development and maintenance
3) C++ :)
4) Has a Web UI for configuration (to be added to package shortly)
5) Uses a db to store configuration and AAA logs rather than plain text files

Anyway, feel free to test it out. Also, please give me feedback on how this works for you. Remember, you need to get the Web UI tgz after installing this package and set it up. Hopefully, I'll get this packaged in the next week or so, time permitting. There is a man page (man tac_plus) and a readme (README.Debian) which should help in getting things up and running.