Fabric OS Administrator's Guide (53-1002745-02), Chapter 5: Remote authentication, page 172
Configuring the TACACS+ server on Linux
Fabric OS software supports TACACS+ authentication on a Linux server running the open source
TACACS+ Linux package v4.0.4 from Cisco. To install and configure this software, perform the
following steps.
1. Download the TACACS+ software from http://www.cisco.com and install it.
Refer to the Cisco documentation for installation instructions.
2. Configure the TACACS+ server by editing the tac_plus.cfg file.
Refer to “The tac_plus.cfg file” (below) for details.
3. Run the tac_plus daemon to start and enable the TACACS+ service on the server.
Example
    > tac_plus -d 16 /usr/local/etc/mavis/sample/tac_plus.cfg
The tac_plus.cfg file
All configuration of the TACACS+ server is done in the tac_plus.cfg file. Open the file in the
editor of your choice and customize it as needed.
You must add users to this file and provide some attributes specific to the Brocade
implementation. Table 20 lists and defines the Brocade-specific attributes.
Adding a user and assigning a role
When adding a user to the tac_plus.cfg file, you should at least provide the brcd-role attribute. The
value assigned to this attribute must match a role defined on the switch. When a logon is
authenticated, the role specified by the brcd-role attribute determines the permissions granted to
the account. If no role is specified, or if the specified role does not exist on the switch, the account
is granted user role permissions only.
Refer to “Role-Based Access Control” on page 134 for details about roles.
The following fragment from a tac_plus.cfg file adds a user named fosuser1 and assigns the
securityAdmin role to the account.
    user = fosuser1 {
        chap = cleartext "my$chap$pswrd"
        pap = cleartext "pap-password"
        service = exec {
            brcd-role = securityAdmin;
        }
    }
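The following Python script is added here as an example; it is not part of the Brocade guide or of the tac_plus package. It parses a tac_plus.cfg fragment and reports the role each user would actually receive under the rule above: a missing brcd-role, or one that does not exactly match a role defined on the switch, silently drops the account to the user role. The set of switch roles and the extra users fosuser2 and fosuser3 are assumptions made for the example.

```python
import re

# Roles assumed to exist on the switch for this example; "securityAdmin" is
# from the guide's fragment, the other names are assumed.
SWITCH_ROLES = {"user", "admin", "securityAdmin", "operator"}
DEFAULT_ROLE = "user"  # fallback role the guide describes

# Constructed tac_plus.cfg fragment: fosuser1 is the guide's example;
# fosuser2 (mis-cased role) and fosuser3 (no brcd-role) are added.
SAMPLE_CFG = '''
user = fosuser1 {
    chap = cleartext "my$chap$pswrd"
    pap = cleartext "pap-password"
    service = exec {
        brcd-role = securityAdmin;
    }
}
user = fosuser2 {
    pap = cleartext "x"
    service = exec {
        brcd-role = securityadmin;
    }
}
user = fosuser3 {
    pap = cleartext "y"
}
'''

USER_RE = re.compile(r'\buser\s*=\s*(\S+)\s*\{')
ROLE_RE = re.compile(r'brcd-role\s*=\s*"?([^";\s]+)"?\s*;')

def user_blocks(cfg):
    """Yield (username, body) for each user block, matching nested braces."""
    for m in USER_RE.finditer(cfg):
        depth, i = 1, m.end()
        while i < len(cfg) and depth:
            depth += {'{': 1, '}': -1}.get(cfg[i], 0)
            i += 1
        yield m.group(1), cfg[m.end():i - 1]

def effective_role(block, switch_roles=SWITCH_ROLES):
    """Return (role, explicit): the role the switch grants and whether it came from brcd-role."""
    m = ROLE_RE.search(block)
    if m and m.group(1) in switch_roles:
        return m.group(1), True
    return DEFAULT_ROLE, False  # missing or unknown role: user permissions only

def audit(cfg, switch_roles=SWITCH_ROLES):
    """Map each configured user to its effective role so fallbacks are visible."""
    return {name: effective_role(body, switch_roles) for name, body in user_blocks(cfg)}

if __name__ == "__main__":
    for name, (role, explicit) in audit(SAMPLE_CFG).items():
        print(f"{name}: {role}" + ("" if explicit else "  (fallback: brcd-role missing or unknown)"))
```

Run it against a real tac_plus.cfg and the switch's actual role list to catch accounts that would receive less than intended, or that rely on the fallback by accident.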
TABLE 20  Brocade custom TACACS+ attributes

Attribute                Purpose
brcd-role                Role assigned to the user account
brcd-AV-Pair1            The Admin Domain or Virtual Fabric member list, and chassis role
brcd-AV-Pair2            The Admin Domain or Virtual Fabric member list, and chassis role
brcd-passwd-expiryDate   The date on which the password expires
brcd-passwd-warnPeriod   The time before expiration for the user to receive a warning message