Sponsoring The Perl Toolchain Summit 2025: Help make this important event another success Learn more

 / 
Net-TacacsPlus-1.10
River stage one • 1 direct dependent • 2 total dependents
/ Net::TacacsPlus::Client

NAME

Net::TacacsPlus::Client - Tacacs+ client library

SYNOPSIS


            

              
              
use Net::TacacsPlus::Client;
use Net::TacacsPlus::Constants;
my $tac = new Net::TacacsPlus::Client(
                        host => 'localhost',
                        key => 'secret');
if ($tac->authenticate($username, $password, TAC_PLUS_AUTHEN_TYPE_PAP)){                   
        print "Authentication successful.\n";                                  
} else {                                                    
        print "Authentication failed: ".$tac->errmsg()."\n";         
}                                                           
my @args = ( 'service=shell', 'cmd=ping', 'cmd-arg=10.0.0.1' );
my @args_response;
if($tac->authorize($username, \@args, \@args_response))
{
        print "Authorization successful.\n";
        print "Arguments received from server:\n";
        print join("\n", @args_response);
} else {
        print "Authorization failed: " . $tac->errmsg() . "\n";
}
@args = ( 'service=shell', 'cmd=ping', 'cmd-arg=10.0.0.1' );
if($tac->account($username, \@args))
{
        print "Accounting successful.\n";
} else {
        print "Accounting failed: " . $tac->errmsg() . "\n";
}

DESCRIPTION

Currently only PAP and ASCII authentication can be used agains Tacacs+ server.

Tested agains Cisco ACS 3.3 and Cisco (ftp://ftp-eng.cisco.com/pub/tacacs/) tac-plus server.

METHODS

new( somekey => somevalue )

required parameters: host, key


            

              
              
host    - tacacs server
key     - ecryption secret

optional parameters: timeout, port


            

              
              
timeout - tcp timeout
port    - tcp port
close()

Close socket connection.

init_tacacs_session()

Inititalize socket connection to tacacs server.

errmsg()

Returns latest error message

authenticate(username, password, authen_type)

username - tacacs+ username password - tacacs+ user password authen_type - TAC_PLUS_AUTHEN_TYPE_ASCII | TAC_PLUS_AUTHEN_TYPE_PAP rem_addr - remote client address (optional, default is 127.0.0.1) port - remote client port (optional, default is Virtual00) new_password - if set (other than undef) will trigger password change

authorize(username, args, args_response)

username - tacacs+ username args - tacacs+ authorization arguments args_response - updated by tacacs+ authorization arguments returned by server (optional) rem_addr - remote client address (optional, default is 127.0.0.1) port - remote client port (optional, default is Virtual00)

check_args([])

Check if the arguments comply with RFC.

account(username, args)

username - tacacs+ username args - tacacs+ authorization arguments flags - optional: tacacs+ accounting flags default: TAC_PLUS_ACCT_FLAG_STOP rem_addr - remote client address (optional, default is 127.0.0.1) port - remote client port (optional, default is Virtual00)

recv_reply(type)

method for receiving TAC+ reply packet from the server.

type is a Net::TacacsPlus::Packet type.

AUTHOR

Jozef Kutej - <jkutej@cpan.org>

Authorization and Accounting contributed by Rubio Vaughan <rubio@passim.net>

VERSION

1.07

SEE ALSO

tac-rfc.1.78.txt, Net::TacacsPlus::Packet

Complete client script Net-TacacsPlus/examples/client.pl.

TODO


            

              
              
tacacs+ CHAP, ARAP, MSCHAP authentication

COPYRIGHT AND LICENSE

Copyright (C) 2006 by Jozef Kutej

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.4 or, at your option, any later version of Perl 5 you may have available.