Table 20 Brocade Custom Tacacs+ Attributes - HP StoreFabric SN6500B Administrator's Manual

Fabric OS Administrator's Guide, 7.1.0 (53-1002745-02, March 2013)

5 Remote authentication

Configuring the TACACS+ server on LINUX
FabricOS software supports TACACS+ authentication on a LINUX server running the Open Source
TACACS+ LINUX package v4.0.4 from Cisco. To install and configure this software, perform the
following steps.
1. Download the TACACS+ software from http://www.cisco.com and install it.
   Refer to the Cisco documentation for installation instructions.
2. Configure the TACACS+ server by editing the tac_plus.cfg file.
   Refer to "The tac_plus.cfg file" (below) for details.
3. Run the tac_plus daemon to start and enable the TACACS+ service on the server.
   Example
   > tac_plus -d 16 /usr/local/etc/mavis/sample/tac_plus.cfg

The tac_plus.cfg file
All configuration of the TACACS+ server is done in the tac_plus.cfg file. Open the file by using the
editor of your choice and customize the file as needed.
You must add users into this file and provide some attributes specific to the Brocade
implementation. Table 20 lists and defines attributes specific to Brocade.

TABLE 20   Brocade custom TACACS+ attributes

Attribute                 Purpose
brcd-role                 Role assigned to the user account
brcd-AV-Pair1             The Admin Domain or Virtual Fabric member list, and chassis role
brcd-AV-Pair2             The Admin Domain or Virtual Fabric member list, and chassis role
brcd-passwd-expiryDate    The date on which the password expires
brcd-passwd-warnPeriod    The time before expiration for the user to receive a warning message

Adding a user and assigning a role
When adding a user to the tac_plus.cfg file, you should at least provide the brcd-role attribute. The
value assigned to this attribute should match a role defined for the switch. When a logon is
authenticated, the role specified by the brcd-role attribute represents the permissions granted to
the account. If no role is specified, or if the specified role does not exist on the switch, the account
is granted user role permissions only.
Refer to "Role-Based Access Control" on page 134 for details about roles.
The following fragment from a tac_plus.cfg file adds a user named fosuser1 and assigns the
securityAdmin role to the account.

    user = fosuser1 {
        chap = cleartext "my$chap$pswrd"
        pap = cleartext "pap-password"
        service = exec {
            brcd-role = securityAdmin;
        }
    }
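
The role fallback described under "Adding a user and assigning a role" (a missing or unknown brcd-role yields user role permissions only) can be checked before a tac_plus.cfg file is deployed. The following Python example is added here and is not part of the Brocade guide or the tac_plus package. It assumes one statement per line, the opening brace on the same line as "user =" and "service = exec", exact role-name matching, and a role list supplied by the caller; SAMPLE_ROLES and the users fosuser2 and fosuser3 are constructed sample data.

```python
import re
USER_RE = re.compile(r'^\s*user\s*=\s*(\S+)\s*\{')
EXEC_RE = re.compile(r'^\s*service\s*=\s*exec\s*\{')
ROLE_RE = re.compile(r'^\s*brcd-role\s*=\s*([^\s;]+)')

def effective_roles(cfg_text, switch_roles, fallback="user"):
    """Map each user to (configured brcd-role or None, role the switch grants)."""
    result, user, role, depth, exec_depth = {}, None, None, 0, None
    for raw in cfg_text.splitlines():
        # Blank out quoted strings so braces or '#' inside passwords are ignored.
        line = re.sub(r'"[^"]*"', '""', raw).split("#", 1)[0]
        if user is None:
            if not (m := USER_RE.match(line)):
                continue
            user, role, depth, exec_depth = m.group(1), None, 0, None
        if EXEC_RE.match(line):
            exec_depth = depth + 1          # depth once this block is open
        m = ROLE_RE.match(line)
        if m and exec_depth is not None:    # only inside service = exec, as in the guide
            role = m.group(1)
        depth += line.count("{") - line.count("}")
        if exec_depth is not None and depth < exec_depth:
            exec_depth = None               # left the service = exec block
        if depth <= 0:                      # user block closed: record the outcome
            result[user] = (role, role if role in switch_roles else fallback)
            user = None
    return result

def downgraded(cfg_text, switch_roles):
    """Users who would receive the fallback role instead of a configured one."""
    roles = effective_roles(cfg_text, switch_roles)
    return sorted(u for u, (want, got) in roles.items() if want != got)

SAMPLE_ROLES = {"admin", "securityAdmin", "user"}  # constructed; use the switch's own list
SAMPLE_CFG = '''
user = fosuser1 {
    service = exec {
        brcd-role = securityAdmin;
    }
}
user = fosuser2 {
    pap = cleartext "constructed-}-pw"
}
user = fosuser3 {
    service = exec {
        brcd-role = storageAdmin;
    }
}
'''
```

Calling downgraded(SAMPLE_CFG, SAMPLE_ROLES) lists the accounts that would log on with user role permissions although no such role was intended: fosuser2 has no brcd-role, and fosuser3 names a role that is not in the supplied list.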