ltm auth tacacsΒΆ

ltm auth tacacs(1)	      BIG-IP TMSH Manual	    ltm auth tacacs(1)



NAME
       tacacs - Configures a TACACS+ configuration component for implementing
       remote TACACS+-based client authentication.

MODULE
       ltm auth

SYNTAX
       Configure the tacacs component within the ltm auth module using the
       syntax shown in the following sections.

   CREATE/MODIFY
	create tacacs [name]
	modify tacacs [name]
	  options:
	    accounting [send-to-all-servers | send-to-first-server]
	    authentication [use-all-servers | use-first-server]
	    debug [disabled | enabled]
	    description [string]
	    encryption [disabled | enabled]
	    protocol [none | [protocol] ]
	    secret [ "[string]" ]
	    servers
	      [add | delete | replace-all-with] {
		[ [ [hostname[:port]] | [ip address[:port]] ] ... ]
	    }
	    service [ [name] | none] ]

	edit tacacs [ [ [name] | [glob] | [regex] ] ... ]
	  options:
	    all-properties
	    non-default-properties

   DISPLAY
	list tacacs
	list tacacs [ [ [name] | [glob] | [regex] ] ... ]
	show running-config tacacs
	show running-config tacacs [ [ [name] | [glob] | [regex] ] ... ]
	  options:
	    all-properties
	    non-default-properties
	    one-line
	    partition

   DELETE
	delete tacacs [name]

DESCRIPTION
       Using a TACACS+ configuration object and profile, you can implement the
       TACACS+ authentication module as the mechanism for authenticating
       client connections passing through the BIG-IP Local Traffic Manager
       system. You use this module when your authentication data is stored on
       a remote TACACS+ server. In this case, client credentials are based on
       basic HTTP authentication (that is, user name and password).

       To implement a TACACS+ authentication module and create a TACACS
       configuration object:

       1. Use the tacacs component in the ltm auth module to configure a
       TACACS+ configuration object.
       2. Use the profile component in the ltm auth module to create an
       authentication profile in which you specify the following options:
	    a. For the configuration option, specify the TACACS+ configuration
	    object that you created in Step 1.
	    b. For the defaults-from option, specify a parent profile (either
	    the default TACACS+ profile named tacacs or another custom profile
	    that you created).

EXAMPLES
       create tacacs my_tacacs_auth secret "This is the secret" servers add
       {my_tacacs_server} encryption enabled

       Enables encryption for TACACS+ packets.

       create tacacs my_tacacs_auth secret "This is the secret" servers add {
       my_tacacs_server1 my_tacacs_server2 } accounting send-to-all-servers

       Provides the ability to send accounting start and stop packets to all
       servers

OPTIONS
       accounting
	    If multiple TACACS+ servers are defined and pluggable
	    authentication module (PAM) session accounting is available,
	    specifies where the system sends accounting start and stop
	    packets. Possible values are:

	    send-to-all-servers
		 Sends to all servers.

	    send-to-first-server
		 Sends to the first available server.

       authentication
	    Specifies when to use the secret key supplied for the secret
	    option. This option is required. The options are:

	    use-all-servers
		 Use the secret key with all servers.

	    use-first-server
		 Use the secret key with the first available server.

       debug
	    Enables syslog-ng debugging information at LOG DEBUG level. F5
	    Networks does not recommend this option for normal use. The
	    default value is disabled.

       description
	    User defined description.

       encryption
	    Enables or disables encryption of TACACS+ packets. F5 Networks
	    recommends this option for normal use. The default value is
	    enabled.

       glob Displays the items that match the glob expression. See help glob
	    for a description of glob expression syntax.

       name Specifies a unique name for the component. This option is required
	    for the commands create, delete, and modify.

       partition
	    Displays the administrative partition within which the component
	    resides.

       protocol
	    Specifies the protocol associated with the value specified in the
	    service option, which is a subset of the associated service being
	    used for client authorization or system accounting.

       regex
	    Displays the items that match the regular expression. The regular
	    expression must be preceded by an at sign (@[regular expression])
	    to indicate that the identifier is a regular expression. See help
	    regex for a description of regular expression syntax.

       secret
	    Sets the secret key used to encrypt and decrypt packets sent or
	    received from the server. This option is required.

       servers
	    Specifies the host name or IPv4 address of the TACACS+ server. For
	    each server, a port may optionally be specified in the format
	    hostname:port or IPv4:port. If no port is specified, the default
	    port 49 is used. This option is required.

       service
	    Specifies the name of the service that the user is requesting to
	    be authenticated to use. Identifying the service enables the
	    TACACS+ server to behave differently for different types of
	    authentication requests. This option is required.

SEE ALSO
       create, delete, edit, glob,   list, ltm auth profile, ltm virtual,
       modify, regex, show, tmsh,

COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or
       by any means, electronic or mechanical, including photocopying,
       recording, or information storage and retrieval systems, for any
       purpose other than the purchaser's personal use, without the express
       written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2008-2012. All rights reserved.



BIG-IP				  2014-09-29		    ltm auth tacacs(1)