TACACS+ Daemon for Novell Netware
Download Tacacsd
Info
Enables users to log in with an NDS account to network devices that support TACACS+ authentication over TCP.
Tested on some Cisco routers.
Starting daemon
load tacacsd <SecretKey> O=<NDS context for objects>
The service listens for connections on the TACACS+ TCP port (49).
Using TACACS+ Service
Scenario 1:
The user accessing the network service is present in NDS.
The network access server object is not present in the working NDS context.
Step0: Network_device asks User for user_name
Step1: User enters user_name
Step2: Network_device asks User for user_password
Step3: User enters user_password
Step4: Network_device asks Tacacs+ about user_name,
user_password, user address and Network_device address
Step5: Tacacs+ checks user_name and user_password for validity
and checks user_name for address restrictions
Step6: Tacacs+ tells Network_device that user_name and
user_password are correct/not correct
Step7: Network_device grants/restricts access for User
User's network address restrictions
Scenario 2:
The user accessing the network service is present in NDS.
The network access server object is present in the working NDS context.
Step0: Network_device asks User for user_name
Step1: User enters user_name
Step2: Network_device asks User for user_password
Step3: User enters user_password
Step4: Network_device asks Tacacs+ about user_name,
user_password, user address and Network_device address
Step5: Tacacs+ checks user_name and user_password for validity
Tacacs+ checks user_name for address restrictions
Tacacs+ finds Network_device by address
Tacacs+ checks user_name for existence in Network_device's
Operator List
Step6: Tacacs+ tells Network_device that user_name and
user_password are correct/not correct for this Network_device
Step7: Network_device grants/restricts access for User
User's network address restrictions
Network_device NDS object
Network_device's Operator List
Network_device's Network Address
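
The Step5 decision of both scenarios, modelled as an added Python example (not the daemon's own code). The in-memory directory, the names and addresses, and the PBKDF2 password check are constructed stand-ins for NDS; treating an empty restriction list as "unrestricted" is an assumption.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass, field

def verifier(password, salt):
    # Stand-in for the directory's own password check (assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

@dataclass
class User:
    salt: bytes
    pw_hash: bytes
    allowed_nets: list = field(default_factory=list)  # empty = unrestricted (assumption)

@dataclass
class Device:
    address: str
    operators: set

# Constructed sample directory; names and addresses are hypothetical.
USERS = {
    "alice": User(b"s1", verifier("correct horse", b"s1"), ["192.0.2.0/24"]),
    "bob": User(b"s2", verifier("hunter2", b"s2")),
}
DEVICES = [Device("198.51.100.1", {"alice"})]

def authenticate(name, password, user_addr, device_addr):
    """Return True only if every check in Step5 passes."""
    user = USERS.get(name)
    if user is None:
        return False
    if not hmac.compare_digest(user.pw_hash, verifier(password, user.salt)):
        return False
    try:
        addr = ipaddress.ip_address(user_addr)
    except ValueError:
        return False  # unparseable source address: fail closed
    if user.allowed_nets and not any(
            addr in ipaddress.ip_network(n) for n in user.allowed_nets):
        return False
    # Scenario 2 applies only when a device object matches the NAS address.
    device = next((d for d in DEVICES if d.address == device_addr), None)
    if device is not None and name not in device.operators:
        return False
    return True
```

With this sample data, "bob" is accepted on a device that has no object in the directory (Scenario 1) but rejected on 198.51.100.1, where an object exists and he is not in its Operator List (Scenario 2).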