TACACS+ configuration for remote TACACS+ client authentication

REST Endpoints

Collection URI
Collection Methods
Resource URI
/mgmt/tm/auth/tacacs/~resource id
Resource Methods
Resource Natural Key
name, partition, subPath


| Name | Type | Default Value | Required | Access | Description |
|---|---|---|---|---|---|
| accounting | string | send-to-first-server | optional | read/write | If multiple TACACS+ servers are defined and pluggable authentication module (PAM) session accounting is enabled, sends accounting start and stop packets to the first available server or to all servers. The default value is send-to-first-server. |
| appService | string | | optional | read/write | The application service that the object belongs to. |
| authentication | string | use-first-server | optional | read/write | Specifies the process the system employs when sending authentication requests. The default is use-first-server. use-first-server specifies that the system sends authentication requests to only the first server in the list. use-all-servers specifies that the system sends an authentication request to each server until authentication succeeds, or until the system has sent a request to all servers in the list. |
| debug | string | disabled | optional | read/write | Enables syslog-ng debugging information at LOG_DEBUG level. Not recommended for normal use. The default value is disabled. |
| description | string | | optional | read/write | User defined description. |
| encryption | string | enabled | optional | read/write | Enables or disables encryption of TACACS+ packets. Recommended for normal use. The default value is enabled. |
| tmPartition | string | Common | optional | read/write | Displays the partition within which the server resides. |
| protocol | string | | optional | read/write | Specifies the protocol associated with the value specified in the service option, which is a subset of the associated service being used for client authorization or system accounting. |
| secret | string | | required | read/write | Sets the secret key used to encrypt and decrypt packets sent or received from the server. This option is required. |
| servers | string | | required | read/write | Specifies a host name or IP address for the TACACS+ server. This option is required. Possible values are a user-specified string, and none. You must specify a server when you create a TACACS+ configuration object. |
| service | string | | optional | read/write | Specifies the name of the service that the user is requesting to be authenticated to use. Identifying the service enables the TACACS+ server to behave differently for different types of authentication requests. This option is required. |
| timeout | integer | 10 | optional | read/write | Specifies the connect timeout in seconds. |
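The following is an added example, not part of the F5 reference or F5's own code: a small offline audit that takes one tacacs resource as a dictionary, fills in the defaults listed in the table above, and reports settings the table marks as required or not recommended. The severity labels, the `audit_tacacs` name, the sample resource, and the handling of `servers` as either a string or a list are assumptions made for the example.

```python
# Defaults copied from the property table on this page.
DEFAULTS = {
    "accounting": "send-to-first-server",
    "authentication": "use-first-server",
    "debug": "disabled",
    "encryption": "enabled",
    "timeout": 10,
}


def audit_tacacs(resource):
    """Return (severity, property, message) findings for one tacacs resource dict."""
    cfg = {**DEFAULTS, **resource}
    # Assumption: 'servers' may arrive as one string or as a list of strings.
    servers = cfg.get("servers") or []
    if isinstance(servers, str):
        servers = [servers]
    servers = [s for s in servers if s and s != "none"]

    findings = []
    if not servers:
        findings.append(("error", "servers", "required: no TACACS+ server is set"))
    if not cfg.get("secret"):
        findings.append(("error", "secret", "required: no shared secret is set"))
    if cfg["encryption"] != "enabled":
        findings.append(("high", "encryption", "TACACS+ packets are sent unencrypted"))
    if cfg["debug"] != "disabled":
        findings.append(("medium", "debug", "debug logging is not recommended for normal use"))
    if len(servers) > 1 and cfg["authentication"] == "use-first-server":
        findings.append(("info", "authentication",
                         "only the first server in the list receives authentication requests"))
    if len(servers) > 1 and cfg["accounting"] == "send-to-first-server":
        findings.append(("info", "accounting",
                         "accounting packets go to the first available server only"))
    return findings


# Constructed sample resource (not from a real device); addresses are documentation-range.
SAMPLE = {
    "name": "system-auth",
    "partition": "Common",
    "servers": ["192.0.2.10", "192.0.2.11"],
    "secret": "<placeholder-secret>",
    "encryption": "disabled",
    "debug": "enabled",
}

if __name__ == "__main__":
    for severity, prop, message in audit_tacacs(SAMPLE):
        print(f"{severity:6} {prop:15} {message}")
```
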
Copyright (c) 2016, F5 Networks Inc. All Rights Reserved.
