I need to configure a TACACS+ server so that I can find out whether a given user is authenticated* and what his priv-lvl is. As clients, I am using tactest (tacacs.net) and a TACACS+ client Java library (AXL).
I tried this:
    user = admin {
        name = "Admin User"
        login = cleartext admin
        service = exec {
            priv-lvl = 10
        }
    }
With this I can authenticate as admin, but I cannot get his privilege level.
This is the output from tactest:
    C:\Program Files (x86)\TACACS.net>tactest -s xxxx -k testing123 -u admin -p admin -author -service exec
    Trying to open connection to xxxx:49
    Sending: MajorVersion=12 MinorVersion=0 Type=Authorization SeqNum=1 IsEncrypted=True IsSingleConnect=True SessionID=494431516 DataLength=37
    Authorization Method=Debug Priv lvl=1 Auth Type=Ascii Service=None User=admin Port= Rem Addr= Args: service=exec
    Received Header: MajorVersion=12 MinorVersion=0 Type=Authorization SeqNum=2 IsEncrypted=True IsSingleConnect=False SessionID=494431516 DataLength=6
    Received Body: Authorization Status=PassAdd User= Port= Args:
    Command Pass status = True, Message=,
    ------------------ SUMMARY STATISTICS ------------------
    Total Commands ..................... 1
    Successes .......................... 1
    Failures ........................... 0
    No Results ......................... 0
    Time Taken for commands ............ 0,066 secs
    Avg Possible Transactions/Second ... 15
    Network Time per command ........... 0,017 secs
    Total Network time ................. 0,017 secs
    Sent Transactions/Second ........... 11,1
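Is there any way to get that attribute value?
*I know that this is not only authentication but also authorization.
I finally found the solution. I just needed to change the service name to any other name: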
    user = admin {
        name = "Admin User"
        login = cleartext admin
        service = myservice {
            priv-lvl = 10
        }
    }
Then I can get the AV pair on the client side:
    Received Header: MajorVersion=12 MinorVersion=0 Type=Authorization SeqNum=2 IsEncrypted=True IsSingleConnect=False SessionID=952769599 DataLength=18
    Received Body: Authorization Status=PassAdd User= Port= Args: priv-lvl=10
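
The two replies above differ only in their argument list, and the DataLength values (6 and 18) are consistent with the authorization reply body layout in RFC 8907. The following is an added example, not part of the original post or of any library named in it: a client-side parser that extracts priv-lvl and treats a missing attribute as "no level granted". The function names are hypothetical and the sample bodies are constructed and assumed to be already de-obfuscated.

```python
import struct

# Authorization REPLY status codes (RFC 8907, section 6.2)
STATUS = {0x01: "PASS_ADD", 0x02: "PASS_REPL", 0x10: "FAIL",
          0x11: "ERROR", 0x21: "FOLLOW"}

def build_reply_body(status, args, server_msg=b"", data=b""):
    """Build a constructed, de-obfuscated REPLY body (test input only)."""
    enc = [a.encode("ascii") for a in args]
    head = struct.pack("!BBHH", status, len(enc), len(server_msg), len(data))
    return head + bytes(len(a) for a in enc) + server_msg + data + b"".join(enc)

def parse_reply_body(body):
    """Return (status_name, server_msg, [(name, separator, value), ...])."""
    if len(body) < 6:
        raise ValueError("body shorter than the fixed 6-byte header")
    status, arg_cnt, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    arg_lens = body[6:6 + arg_cnt]
    expected = 6 + arg_cnt + msg_len + data_len + sum(arg_lens)
    if len(arg_lens) != arg_cnt or len(body) != expected:
        raise ValueError("length fields do not match the body size")
    pos = 6 + arg_cnt
    server_msg = body[pos:pos + msg_len].decode("utf-8", "replace")
    pos += msg_len + data_len  # the data field is skipped here
    avs = []
    for n in arg_lens:
        arg = body[pos:pos + n].decode("ascii")
        pos += n
        # First '=' (mandatory) or '*' (optional) separates name and value.
        cut = min((i for i in (arg.find("="), arg.find("*")) if i != -1),
                  default=-1)
        if cut <= 0:
            raise ValueError("malformed argument: %r" % arg)
        avs.append((arg[:cut], arg[cut], arg[cut + 1:]))
    return STATUS.get(status, hex(status)), server_msg, avs

def priv_lvl(avs):
    """Return priv-lvl as an int in 0..15, or None if the server sent none."""
    for name, _sep, value in avs:
        if name == "priv-lvl":
            level = int(value)
            if not 0 <= level <= 15:
                raise ValueError("priv-lvl out of range")
            return level
    return None  # caller must not assume any level was granted
```

A PASS_ADD status with an empty argument list, as in the first reply, means the request was authorized but no privilege level was returned, so the caller has to handle `None` explicitly.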