
Changing a server-side tacacs+ account password, Defining a server-side tacacs+ group, Setting a server-side account expiration date – Brocade Network OS Administrator’s Guide v4.1.1 User Manual


        pap = cleartext "pap password"
        service = exec {
            brcd-role = vlanadmin;
        }
    }

The following example assigns the user "Agnes" a single password for all types of login authentication.

    user = Agnes {
        global = cleartext "Agnes global password"
    }

Alternatively, a user can be authenticated using the /etc/passwd file. Configure the account as shown
in the following example.

    user = fred {
        login = file /etc/passwd
    }

Changing a server-side TACACS+ account password

Changing a TACACS+ user password is done on the server by editing the TACACS+ server
configuration file.

Defining a server-side TACACS+ group

A TACACS+ group or role can contain the same attributes as a user. By inference, all the attributes
of a group apply to any user to whom the group is assigned. The TACACS+ group, while
functionally similar to the Brocade role concept, has no relation to the value of the "brcd-role" attribute.

The following example defines a TACACS+ group.

    group = admin {
        # group admin has a cleartext password which all members share
        # unless they have their own password defined
        chap = cleartext "my$parent$chap$password"
    }

The following example assigns the user "Brocade" to the group "admin".

    user = Brocade {
        member = admin
        pap = cleartext "pap password"
    }

Setting a server-side account expiration date

You can set an expiration date for an account by using the "expires" attribute in the TACACS+ server
configuration file. The expiration date has the format "MMM DD YYYY", as in the following example.

    user = Brocade {
        member = admin
        expires = "Jan 1 2011"
        pap = cleartext "pap password"
    }
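The following audit script is an added example, not part of the Brocade guide or of any TACACS+ server distribution. It reads a server configuration in the syntax shown above and reports every user or group entry that stores a cleartext password and every account whose "expires" date has been reached. The function names parse_blocks and audit and the sample configuration are constructed for illustration.

```python
import re
from datetime import date, datetime

# Constructed sample in the syntax shown in this section; passwords are made up.
SAMPLE_CONFIG = '''
group = admin {
    # shared by members without their own password
    chap = cleartext "example chap password"
}
user = Brocade {
    member = admin
    expires = "Jan 1 2011"
    pap = cleartext "pap password"
}
'''

BLOCK_RE = re.compile(r'^(user|group)\s*=\s*(\S+)\s*\{$')
ATTR_RE = re.compile(r'^([\w-]+)\s*=\s*(.+?)\s*;?\s*$')

def parse_blocks(text):
    """Return {(kind, name): {attribute: value}} for top-level user/group blocks."""
    blocks, current, depth = {}, {}, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        if line.endswith('{'):
            if depth == 0:  # new top-level block; other block types are discarded
                head = BLOCK_RE.match(line)
                current = blocks.setdefault(head.groups(), {}) if head else {}
            depth += 1      # nested blocks such as "service = exec {" are skipped
        elif line == '}':
            depth -= 1
        elif depth == 1:
            attr = ATTR_RE.match(line)
            if attr:
                current[attr.group(1)] = attr.group(2)
    return blocks

def audit(text, today=None):
    """List (kind, name, finding) tuples for cleartext secrets and expired accounts."""
    today, findings = today or date.today(), []
    for (kind, name), attrs in parse_blocks(text).items():
        findings += [(kind, name, f'{a} stored as cleartext')
                     for a, v in attrs.items() if v.startswith('cleartext')]
        if 'expires' in attrs:  # "MMM DD YYYY"; %b needs English month names
            when = datetime.strptime(attrs['expires'].strip('"'), '%b %d %Y').date()
            if when <= today:   # assumption: the date itself counts as expired
                findings.append((kind, name, f'expires date {when.isoformat()} reached'))
    return findings
```

Call audit() with the text of the server configuration file; pass an explicit date as the second argument to check what will have expired by a given day.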

Configuring a TACACS+ server key

The TACACS+ server key is the shared secret used to secure the messages exchanged between the
Brocade switch and the TACACS+ server. The TACACS+ server key must be configured on both the
TACACS+ server and the client Brocade switch. Only one key is defined per server in the TACACS+
server configuration file. The key is defined as follows:

key = "vcs shared secret"


Network OS Administrator’s Guide

53-1003225-04