Net::TacacsPlus::Client - Tacacs+ client library
use Net::TacacsPlus::Client; use Net::TacacsPlus::Constants; my $tac = new Net::TacacsPlus::Client( host => 'localhost', key => 'secret'); if ($tac->authenticate($username, $password, TAC_PLUS_AUTHEN_TYPE_PAP)){ print "Authentication successful.\n"; } else { print "Authentication failed: ".$tac->errmsg()."\n"; } my @args = ( 'service=shell', 'cmd=ping', 'cmd-arg=10.0.0.1' ); my @args_response; if($tac->authorize($username, \@args, \@args_response)) { print "Authorization successful.\n"; print "Arguments received from server:\n"; print join("\n", @args_response); } else { print "Authorization failed: " . $tac->errmsg() . "\n"; } @args = ( 'service=shell', 'cmd=ping', 'cmd-arg=10.0.0.1' ); if($tac->account($username, \@args)) { print "Accounting successful.\n"; } else { print "Accounting failed: " . $tac->errmsg() . "\n"; }
Currently only PAP and ASCII authentication can be used agains Tacacs+ server.
Tested agains Cisco ACS 3.3 and Cisco (ftp://ftp-eng.cisco.com/pub/tacacs/) tac-plus server.
required parameters: host, key
host - tacacs server key - ecryption secret
optional parameters: timeout, port
timeout - tcp timeout port - tcp port
Close socket connection.
Inititalize socket connection to tacacs server.
Returns latest error message
username - tacacs+ username password - tacacs+ user password authen_type - TAC_PLUS_AUTHEN_TYPE_ASCII | TAC_PLUS_AUTHEN_TYPE_PAP rem_addr - remote client address (optional, default is 127.0.0.1) port - remote client port (optional, default is Virtual00) new_password - if set (other than undef) will trigger password change
username - tacacs+ username args - tacacs+ authorization arguments args_response - updated by tacacs+ authorization arguments returned by server (optional) rem_addr - remote client address (optional, default is 127.0.0.1) port - remote client port (optional, default is Virtual00)
Check if the arguments comply with RFC.
username - tacacs+ username args - tacacs+ authorization arguments flags - optional: tacacs+ accounting flags default: TAC_PLUS_ACCT_FLAG_STOP rem_addr - remote client address (optional, default is 127.0.0.1) port - remote client port (optional, default is Virtual00)
method for receiving TAC+ reply packet from the server.
type is a Net::TacacsPlus::Packet type.
type
Jozef Kutej - <jkutej@cpan.org>
Authorization and Accounting contributed by Rubio Vaughan <rubio@passim.net>
1.07
tac-rfc.1.78.txt, Net::TacacsPlus::Packet
Complete client script Net-TacacsPlus/examples/client.pl.
Net-TacacsPlus/examples/client.pl
tacacs+ CHAP, ARAP, MSCHAP authentication
Copyright (C) 2006 by Jozef Kutej
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.4 or, at your option, any later version of Perl 5 you may have available.
To install Net::TacacsPlus, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Net::TacacsPlus
CPAN shell
perl -MCPAN -e shell install Net::TacacsPlus
For more information on module installation, please visit the detailed CPAN module installation guide.