oracular (3) Authen::TacacsPlus.3pm.gz

Provided by: libauthen-tacacsplus-perl_0.28-2build3_amd64 bug

NAME

       Authen::TacacsPlus - Perl extension for authentication using tacacs+ server

SYNOPSIS

         use Authen::TacacsPlus;

         $tac = new Authen::TacacsPlus(Host=>$server,
                               Key=>$key,
                               Port=>'tacacs',
                               Timeout=>15);

         or

         $tac = new Authen::TacacsPlus(
            [ Host=>$server1, Key=>$key1, Port=>'tacacs', Timeout=>15 ],
            [ Host=>$server2, Key=>$key2, Port=>'tacacs', Timeout=>15 ],
            [ Host=>$server3, Key=>$key3, Port=>'tacacs', Timeout=>15 ],
            ...  );

         $tac->authen($username,$passwords);

         Authen::TacacsPlus::errmsg();

         $tac->close();

DESCRIPTION

       Authen::TacacsPlus allows you to authenticate using tacacs+ server.

         $tac = new Authen::TacacsPlus(Host=>$server,
                               Key=>$key,
                               Port=>'tacacs',
                               Timeout=>15);

       Opens new session with tacacs+ server on host $server, encrypted with key $key. Undefined
       object is returned if something wrong (check errmsg()).

       With a list of servers the order is relevant. It checks the availability of the Tacacs+
       service using the order you defined.

         Authen::TacacsPlus::errmsg();

       Returns last error message.

         $tac->authen($username,$password,$authen_type);

       Tries an authentication with $username and $password. 1 is returned if authenticaton
       succeded and 0 if failed (check errmsg() for reason).

       $authen_type is an optional argument that specifies what type of authentication to
       perform. Allowable options are: Authen::TacacsPlus::TAC_PLUS_AUTHEN_TYPE_ASCII (default)
       Authen::TacacsPlus::TAC_PLUS_AUTHEN_TYPE_PAP Authen::TacacsPlus::TAC_PLUS_AUTHEN_TYPE_CHAP

       ASCII uses Tacacs+ version 0, and will authenticate against the "login" or "global"
       password on the Tacacs+ server. If no authen_type is specified, it defaults to this type
       of authentication.

       PAP uses Tacacs+ version 1, and will authenticate against the "pap" or "global" password
       on the Tacacs+ server.

       CHAP uses Tacacs+ version 1, and will authenticate against the "chap" or "global" password
       on the Tacacs+ server. With CHAP, the password if formed by the concatenation of
         chap id + chap challenge + chap response

       There is example code in test.pl

       If you use a list of servers you can continue using $tac->authen if one of them goes down
       or become unreachable.

         $tac->close();

       Closes session with tacacs+ server.

EXAMPLE

         use Authen::TacacsPlus;

         $tac = new Authen::TacacsPlus(Host=>'foo.bar.ru',Key=>'9999');
         unless ($tac){
                 print "Error: ",Authen::TacacsPlus::errmsg(),"\n";
                 exit(1);
         }
         if ($tac->authen('john','johnpass')){
                 print "Granted\n";
         } else {
                 print "Denied: ",Authen::TacacsPlus::errmsg(),"\n";
         }
         $tac->close();

AUTHOR

       Mike Shoyher, msh@corbina.net, msh@apache.lexa.ru

       Mike McCauley, mikem@airspayce.com

BUGS

       only authentication is supported

       only one session may be active (you have to close one session before opening another one)

SEE ALSO

       perl(1).