Wednesday, July 29, 2009

New TACACS+ (tac_plus) server package

Over the last couple of weeks I have been working on packaging, testing and patching a TACACS+ server to work with Ubuntu Server.

I figured it was time to post up a quick blog about this package, and hopefully see what interest there was out there for this service.

What is TACACS+ and what does the tac_plus package provide?

TACACS+ (Terminal Access Controller Access-Control System Plus) is a protocol which provides access control for routers, network access servers and other networked computing devices via one or more centralized servers. TACACS+ provides separate authentication, authorization and accounting services.

This package provides the server (daemon) for TACACS+ which responds to authentication requests from a RAS (Remote Access Server). The daemon will validate the request against an SQL database, and provide authorization and the level of access, if the authentication passes. The RAS can also provide accounting information to the daemon, for logging purposes.

Please note, there are other implementations of the TACACS+ protocol out there, some of which are unmaintained. This particular version is maintained and is a complete re-write of the TACACS+ daemon from Cisco Systems, and has been implemented in C++. It is under heavy development, and there may be some bugs or missing features in this release. I am working with the author to ensure these things get properly reported and addressed as they are discovered.

Where is this package available for testing?

It is currently in beta testing in my PPA: https://launchpad.net/~roderick-greening/+archive/ppa

Where can I get the source?

The source is currently hosted at http://www.networkforums.net/, and you will need to register for an account to access the download area. I am working with the author to get this hosted in a proper repository like SourceForge, GitHub, Launchpad, etc. Please be patient while we work these details out.

The Web UI for configuration is not yet packaged. You will need to get the tgz from the main site until I get it packaged.

Why this version and not some other?

1) Fairly new project
2) Active development and maintenance
3) C++ :)
4) Has a Web UI for configuration (to be added to package shortly)
5) Uses a db to store configuration and AAA logs rather than plain text files

Anyway, feel free to test it out. Also, please give me feedback on how this works for you. Remember, you need to get the Web UI tgz after installing this package and set it up. Hopefully, I'll get this packaged in the next week or so, time permitting. There is a man page (man tac_plus) and a readme (README.Debian) which should help in getting things up and running.

5 comments:

  1. The networkforum account registration cannot send outbound emails for confirmation. Is there any way to get the WebUI posted somewhere else until they get this fixed?

  2. So the networkforum server can't seem to send outbound emails to let me set up an account. I can't download webui for the server. Can we get it some other way?

  3. Fantastic! Been looking for a tacacs server that is being actively developed combined with a debian package. Thanks for your work here!

    Unfortunately, signup to the networkforums website hasn't been operational for weeks so haven't been able to grab this myself. Can you provide a direct link to the webui src tgz?

    If you have the time, please drop me a line at andrewo at oriel dot com dot au.

  4. I can't install the package.

    Using Ubuntu 8.10.

    root@tacacs:/etc/apt# apt-get install tac-plus
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    Some packages could not be installed. This may mean that you have
    requested an impossible situation or if you are using the unstable
    distribution that some required packages have not yet been created
    or been moved out of Incoming.

    Since you only requested a single operation it is extremely likely that
    the package is simply not installable and a bug report against
    that package should be filed.
    The following information may help to resolve the situation:

    The following packages have unmet dependencies:
    tac-plus: Depends: libmysqlclient16 (>= 5.1.21-1) but it is not installable
    E: Broken packages

    I can't find libmysqlclient16?

    root@tacacs:/etc/apt# apt-cache search libmysqlclient
    libmysqlclient15-dev - MySQL database development files
    libmysqlclient15off - MySQL database client library
    libcrypt-mysql-perl - Perl module to emulate the MySQL PASSWORD() function.
    libglpk0 - linear programming kit with integer (MIP) support
    ser-mysql-module - contains the MySQL database connectivity module

    Any ideas?

  5. How can I install the webui?
