TACACS+ - The good and the bad

The good news is that the 3.0.1 release of the WiKID Strong Authentication server has improved support for TACACS+. You can now create a file called tacacs.local in /opt/WiKID/private, and its contents will appear in the tacacs.conf file, allowing finer-grained control of permissions and other settings.

The bad news is that the pam_stack module we used in the past for TACACS+ authentication through PAM has been deprecated in favor of include. Unfortunately, I don't think the PAM TACACS+ code has been updated. Hopefully I'll get a chance to try it again soon. In the meantime, if anyone has any thoughts, please let me know.
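As an added example (not WiKID code and not from the original post): a small POSIX shell helper that rewrites a PAM service file from the deprecated pam_stack form into the include form that replaced it. It assumes a Linux-PAM service file laid out like /etc/pam.d/sshd; the pam_tacplus.so line in the constructed sample, its server= and secret= options, and the server address 192.0.2.10 are illustrative assumptions, not part of the original post.

```shell
#!/bin/sh
# Added example, not part of the WiKID server: migrate "pam_stack.so service=X"
# lines to the "include X" form. Assumes a Linux-PAM service file such as
# /etc/pam.d/sshd. Usage: migrate_pam_stack /etc/pam.d/sshd > /tmp/sshd.new

migrate_pam_stack() {
    # Each "TYPE CONTROL pam_stack.so service=NAME" becomes "TYPE include NAME".
    # Indentation (\1) is preserved. Every other line (comments, pam_unix.so,
    # a pam_tacplus.so line, ...) passes through untouched. Bracketed control
    # fields such as "[success=1 default=ignore]" are not matched, since they
    # contain spaces; those lines are left alone for manual review.
    sed -E 's/^([[:space:]]*)(auth|account|password|session)[[:space:]]+[^[:space:]]+[[:space:]]+pam_stack\.so[[:space:]]+service=([^[:space:]]+).*$/\1\2 include \3/' "$1"
}

pam_stack_refs() {
    # Number of lines in a file that still reference pam_stack.so; a migrated
    # file should report 0. "|| true" keeps grep's "no match" status from
    # aborting a caller that runs under "set -e".
    grep -c 'pam_stack\.so' "$1" || true
}

# Constructed sample service file (assumed layout, not a real host's config).
# The pam_tacplus.so line is an assumption for illustration; 192.0.2.10 is a
# documentation address and the secret is a placeholder.
write_sample_pam_file() {
    printf '%s\n' \
        '#%PAM-1.0' \
        'auth       required     pam_stack.so service=system-auth' \
        'auth       sufficient   pam_tacplus.so server=192.0.2.10 secret=s3cret' \
        'account    required     pam_stack.so service=system-auth' \
        'session    required     pam_stack.so service=system-auth' \
        > "$1"
}

# Stand-alone demonstration when run as a script.
if [ "${0##*/}" = "migrate_pam_stack.sh" ]; then
    tmp=$(mktemp)
    write_sample_pam_file "$tmp"
    migrate_pam_stack "$tmp"
    rm -f "$tmp"
fi
```

The pam_tacplus.so line is deliberately passed through unchanged: the deprecation affects only how service files are stacked, so a working TACACS+ module line needs no rewrite, and the remaining pam_stack references (which pam_stack_refs counts) are the ones that break on a PAM that no longer ships the module.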

I have mixed feelings about TACACS+. It is a Cisco proprietary protocol and, as such, is less widely supported than RADIUS. Thus, our implementation is a bit of a hack. We could only find one open source solution for it, and it's not in Java, which is the WiKID server's language. As a result, we have to write the one-time passcodes to tacacs.conf; the OTPs are time-bound but not one-time use. However, one prospect (now a customer) at a German bank said we had the best TACACS+ server he had seen on the 'net. With his help, it's getting better too.
