# # An example tac_plus configuration. You should change this # before using it. # # Define where to log accounting data, this is the default. accounting file = /var/log/tac_plus.acct # This is the key that clients have to use to access Tacacs+ key = testing123 # Use /etc/passwd file to do authentication #default authentication = file /etc/passwd # You can use feature like per host key with different enable passwords #host = 127.0.0.1 { # key = test # type = cisco # enable = enablepass # prompt = "Welcome XXX ISP Access Router \n\nUsername:" #} # We also can define local users and specify a file where data is stored. # That file may be filled using tac_pwd #user = test1 { # name = "Test User" # member = staff # login = file /etc/tacacs/tacacs_passwords #} # We can also specify rules valid per group of users. #group = group1 { # cmd = conf { # deny # } #} # Another example : forbid configure command for some hosts # for a define range of clients #group = group1 { # login = file /etc/passwd # service = ppp # protocol = ip { # addr = 10.10.0.0/24 # } # cmd = conf { # deny .* # } #} user = DEFAULT { login = file /etc/passwd service = ppp protocol = ip {} } # Much more features are availables, like ACL, more service compatibilities, # commands authorization, scripting authorization. # See the man page for those features.