1.\" Copyright 1998 Juniper Networks, Inc. 2.\" All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd July 29, 1998 28.Dt TACPLUS.CONF 5 29.Os 30.Sh NAME 31.Nm tacplus.conf 32.Nd TACACS+ client configuration file 33.Sh SYNOPSIS 34.Pa /etc/tacplus.conf 35.Sh DESCRIPTION 36.Nm 37contains the information necessary to configure the TACACS+ client 38library. 39It is parsed by 40.Fn tac_config 41(see 42.Xr libtacplus 3 ) . 43The file contains one or more lines of text, each describing a 44single TACACS+ server which is to be used by the library. 45Leading 46white space is ignored, as are empty lines and lines containing 47only comments. 48.Pp 49A TACACS+ server is described by two to four fields on a line. 50The 51fields are separated by white space. 52The 53.Ql # 54character at the beginning of a field begins a comment, which extends 55to the end of the line. 56A field may be enclosed in double quotes, 57in which case it may contain white space and/or begin with the 58.Ql # 59character. 60Within a quoted string, the double quote character can 61be represented by 62.Ql \e\&" , 63and the backslash can be represented by 64.Ql \e\e . 65No other escape sequences are supported. 66.Pp 67The first field specifies 68the server host, either as a fully qualified domain name or as a 69dotted-quad IP address. 70The host may optionally be followed by a 71.Ql \&: 72and a numeric port number, without intervening white space. 73If the 74port specification is omitted, it defaults to 49, the standard TACACS+ 75port. 76.Pp 77The second field contains the shared secret, which should be known 78only to the client and server hosts. 79It is an arbitrary string 80of characters, though it must be enclosed in double quotes if it 81contains white space or is empty. 82An empty secret disables the 83normal encryption mechanism, causing all data to cross the network in 84cleartext. 85.Pp 86The third field contains a decimal integer specifying the timeout 87in seconds for communicating with the server. 88The timeout applies 89separately to each connect, write, and read operation. 90If this field 91is omitted, it defaults to 3 seconds. 92.Pp 93The optional fourth field may contain the string 94.Ql single-connection . 95If this option is included, the library will attempt to negotiate 96with the server to keep the TCP connection open for multiple 97sessions. 98Some older TACACS+ servers become confused if this option 99is specified. 100.Pp 101Up to 10 TACACS+ servers may be specified. 102The servers are tried in 103order, until a valid response is received or the list is exhausted. 104.Pp 105The standard location for this file is 106.Pa /etc/tacplus.conf . 107An alternate pathname may be specified in the call to 108.Fn tac_config 109(see 110.Xr libtacplus 3 ) . 111Since the file contains sensitive information in the form of the 112shared secrets, it should not be readable except by root. 113.Sh FILES 114.Bl -tag -width Pa 115.It Pa /etc/tacplus.conf 116.El 117.Sh EXAMPLES 118.Bd -literal 119# A simple entry using all the defaults: 120tacserver.domain.com OurLittleSecret 121 122# A server using a non-standard port, with an increased timeout and 123# the "single-connection" option. 124auth.domain.com:4333 "Don't tell!!" 15 single-connection 125 126# A server specified by its IP address: 127192.168.27.81 $X*#..38947ax-+= 128.Ed 129.Sh SEE ALSO 130.Xr libtacplus 3 131.Sh AUTHORS 132This documentation was written by 133.An John Polstra , 134and donated to the 135.Fx 136project by Juniper Networks, Inc. 137