Open Ethernet Networking (OpEN) API Guide and Reference Manual  3.6.0.3
TACACS+

TACACS+ provides access control for networked devices via one or more centralized servers. Similar to RADIUS this protocol simplifies authentication by making use of a single database that can be shared by many clients on a large network. TACACS+ provides separate Authentication, Authorization and Accounting services. The original protocol was UDP based with messages passed in clear text over the network; TACACS+ uses TCP to ensure reliable delivery and a shared key configured on the client and daemon server to encrypt all messages.

TACACS OpEN API

This document provides a brief description of the TACACS+ OpEN APIs. The TACACS+ OpEN APIs allow processes outside of the ICOS main process (switchdrvr) access to TACACS+ Management services. It provides the following services:

All 'Set' operations may affect the Switch behavior and configuration.

Example C Application tacacs_example

Initialization

In the main function, the sample application initializes the OpEN API RPC service by calling openapiClientRegister() and waits for the RPC service in switchdrvr to start. A Client Handle is returned by openapiClientRegister() which is used while invoking the OpEN APIs. The application then exercises the associated OpEN APIs and logs informational and/or error messages on the console. The example application runs to its completion and exits.

tacacs_example

tacacs_example.c is a sample application that demonstrates the use of the TACACS+ OpEN APIs. tacacs_example is started from the command line and has the following usage syntax:

Usage: tacacs_example <test#> <arg1> <arg2> ...

It exercises all the TACACS+ OpEN APIs with appropriate arguments to manage the TACACS+ component in the ICOS main process (switchdrvr).

TACACS+ CLI/API Cross Reference

CLI Command OpEN API Reference
(Config)#
[no]tacacs-server host <ip-address | hostname>
openapiTacacsServerAdd()
openapiTacacsServerDelete()
openapiTacacsServerNextGet()
(Config)#
tacacs-server key <key-string>
openapiTacacsServerGlobalKeySet()
(Config)#
no tacacs-server key
openapiTacacsServerGlobalKeyDelete()
(Config)#
[no]tacacs-server timeout [<timeout>]
openapiTacacsServerGlobalTimeoutSet()
openapiTacacsServerGlobalTimeoutGet()
(Tacacs)#
key [<key-string>]
openapiTacacsServerKeySet()
openapiTacacsServerDefaultKeySet()
(Tacacs)#
port [<port-number>]
openapiTacacsServerPortSet()
openapiTacacsServerDefaultPortSet()
openapiTacacsServerPortGet()
(Tacacs)#
priority [<priority>]
openapiTacacsServerPrioritySet()
openapiTacacsServerDefaultPrioritySet()
(Tacacs)#
timeout [<timeout>]
openapiTacacsServerTimeoutSet()