Any experience with check_tacacs_plus.pl (NagiosExchange) or Authen::TACACSPlus [SEC=UNCLASSIFIED]

Daniel Lacey daniel_p_lacey at yahoo.com
Wed May 23 03:47:21 CEST 2007

Previous message: Any experience with check_tacacs_plus.pl (NagiosExchange) or Authen::TACACSPlus [SEC=UNCLASSIFIED]
Next message: check SIP server
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I don't know this platform, but....

A TACACS+ server's password database should be invisible to a TACACS client.
The server's purpose is to authenticate in a way that makes such details 
irrelevant.

I would create a separate user for this with little to no 
authorization... You just need to test the authentication server.
The user and password will be stored somewhere in plain text so that the 
script using Authen::TACACSPlus will know how to connect to the server.

ASCII, CHAP or MS-CHAP is just part of the TACACS protocol. So you need 
to know how this is configured on the server.
This is only used between client and server, not between the server and 
the password DB.

Hope this helps!

Stanley.Hopcroft at Dest.gov.au wrote:
> Dear Folks,
>
> Please would you let me or the list know of experience checking the
> TACACS+ server implemented by Cisco in their 'Secure ACS for Windows
> 3.3' product ?
>
> Nagios Exchange has a plugin named check_tacacs_plus.pl that makes use
> of the Authen::TACACSPlus module from CPAN.
>
> I am not sure these will be helpful in checking a Secure ACS that uses
> Windows/AD authentication. That said, since I am very ignorant about
> TACACS+ I am probably wrong in thinking that ASCII, CHAP or MS-CHAP (the
> alternatives supported by Authen::TACACSPlus) passwords don't sound
> right for Windows/AD authentication.
>
> check_tcp on port 49 is a useful standby but hopefully there are other,
> non SNMP, alternatives.
>
> Thank you,
>
> Yours sincerely.
>
> Classification: UNCLASSIFIED
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
> ::: Messages without supporting info will risk being sent to /dev/null
>
>   


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Previous message: Any experience with check_tacacs_plus.pl (NagiosExchange) or Authen::TACACSPlus [SEC=UNCLASSIFIED]
Next message: check SIP server
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list