Open Ethernet Networking (OpEN) API Guide and Reference Manual
3.6.0.3
TACACS+ provides access control for networked devices via one or more centralized servers. Similar to RADIUS, this protocol simplifies authentication by using a single database that can be shared by many clients on a large network. TACACS+ provides separate Authentication, Authorization and Accounting services. The original protocol was UDP-based, with messages passed in clear text over the network; TACACS+ uses TCP to ensure reliable delivery and a shared key, configured on both the client and the daemon server, to encrypt all messages.
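What the shared key does on the wire, as an added example that is not part of the OpEN API or of this guide: a sketch of the packet body obfuscation defined in RFC 8907 section 4.5, in which client and server each derive an MD5-based pad from the key and the packet header fields and XOR it with the body. The key, session id and body below are constructed sample values, and the helper names are hypothetical.

```python
import hashlib
import struct

TAC_PLUS_UNENCRYPTED_FLAG = 0x01  # RFC 8907: body is sent in the clear when set


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """MD5_1 = MD5(session_id, key, version, seq_no);
    MD5_n = MD5(session_id, key, version, seq_no, MD5_{n-1}); truncated to length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def transform_body(header: bytes, body: bytes, key: bytes) -> bytes:
    """XOR the body with the pad. The same call obfuscates and de-obfuscates."""
    version, _type, seq_no, flags, session_id, _length = struct.unpack("!BBBBII", header)
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        return body  # no key is applied to this packet
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_header(session_id, seq_no, body_len, flags=0, version=0xC0, pkt_type=0x01):
    """12-byte TACACS+ header: version, type, seq_no, flags, session_id, length."""
    return struct.pack("!BBBBII", version, pkt_type, seq_no, flags, session_id, body_len)


# Constructed sample values (not taken from the guide).
SAMPLE_KEY = b"example-shared-key"
SAMPLE_BODY = b"constructed authentication body, longer than 16 bytes"
SAMPLE_HEADER = build_header(session_id=0x1A2B3C4D, seq_no=1, body_len=len(SAMPLE_BODY))

if __name__ == "__main__":
    wire = transform_body(SAMPLE_HEADER, SAMPLE_BODY, SAMPLE_KEY)
    print("on the wire:", wire.hex())
    print("right key  :", transform_body(SAMPLE_HEADER, wire, SAMPLE_KEY))
    print("wrong key  :", transform_body(SAMPLE_HEADER, wire, b"other-key"))
```

A key mismatch between the switch and the daemon raises no error at this layer; the body simply decodes to unreadable bytes, which is why the key set on the client must be identical to the one on the server.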
This document provides a brief description of the TACACS+ OpEN APIs. The TACACS+ OpEN APIs allow processes outside of the ICOS main process (switchdrvr) access to TACACS+ Management services. It provides the following services:
All 'Set' operations may affect the switch behavior and configuration.
tacacs_example.c is a sample application that demonstrates the use of the TACACS+ OpEN APIs. tacacs_example is started from the command line and has the following usage syntax:
Usage: tacacs_example <test#> <arg1> <arg2> ...
It exercises all the TACACS+ OpEN APIs with appropriate arguments to manage the TACACS+ component in the ICOS main process (switchdrvr).
In the main function, the sample application initializes the OpEN API RPC service by calling openapiClientRegister() and waits for the RPC service in switchdrvr to start. openapiClientRegister() returns a Client Handle, which is used when invoking the OpEN APIs. The application then exercises the associated OpEN APIs and logs informational and/or error messages on the console. The example application runs to completion and exits.
CLI Command | OpEN API Reference |
---|---|
(Config)# [no]tacacs-server host <ip-address | hostname> | openapiTacacsServerAdd() openapiTacacsServerDelete() openapiTacacsServerNextGet() |
(Config)# tacacs-server key <key-string> | openapiTacacsServerGlobalKeySet() |
(Config)# no tacacs-server key | openapiTacacsServerGlobalKeyDelete() |
(Config)# [no]tacacs-server timeout [<timeout>] | openapiTacacsServerGlobalTimeoutSet() openapiTacacsServerGlobalTimeoutGet() |
(Tacacs)# key [<key-string>] | openapiTacacsServerKeySet() openapiTacacsServerDefaultKeySet() |
(Tacacs)# port [<port-number>] | openapiTacacsServerPortSet() openapiTacacsServerDefaultPortSet() openapiTacacsServerPortGet() |
(Tacacs)# priority [<priority>] | openapiTacacsServerPrioritySet() openapiTacacsServerDefaultPrioritySet() |
(Tacacs)# timeout [<timeout>] | openapiTacacsServerTimeoutSet() |