[tac_plus] question about tac_plus

[Ian Batterbee]

Hi,

We currently use your tac_plus daemon to authenticate logins to numerous
cisco devices. It is also being used to authenticate VPN users on a PIX
firewall. What I would like to do is have the tac_plus server pass a group
policy name back as part of the reply so that the group the user is placed
into can be centrally managed.   I'm pretty sure radius can do this, and it
appears the tacacs protocol is similarly capable, but it's unclear whether
tac_plus provides any way to do it.

The main thing stopping me from figuring this out myself is that I can't
find any documentation for the syntax of the tacacs.conf file - I can find
numerous examples showing how to set up users and command authentication,
but nothing to describe what else is available. The man page for the daemon
notes that the syntax is complex, but doesn't elaborate further.

Is there a URL with the syntax for the config file, or can what I want to do
even be done with tac_plus ?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20081028/62d0ab3c/attachment.html