Security
TACACS+ 配置:如何接收 priv-lvl 值?
我需要配置 TACACS+ 伺服器以了解給定使用者是否經過身份驗證* 以及他的 priv-lvl 是什麼。作為客戶端,我使用 tactest (tacacs.net) 和 TACACS+ 客戶端 Java 庫 (AXL)。
我試過這個:
user = admin { name = “Admin User” login = cleartext admin service = exec { priv-lvl = 10 } }
並且可以以管理員身份進行身份驗證,但無法獲得他的 priv-lvl。
以下是 tactest 的輸出:
C:\Program Files (x86)\TACACS.net>tactest -s x.x.x.x -k testing123 -u admin -p admin -author -service exec Trying to open connection to x.x.x.x:49 Sending: MajorVersion=12 MinorVersion=0 Type=Authorization SeqNum=1 IsEncrypted=True IsSingleConnect=True SessionID=494431516 DataLength=37 Authorization Method=Debug Priv lvl=1 Auth Type=Ascii Service=None User=admin Port= Rem Addr= Args: service=exec Received Header: MajorVersion=12 MinorVersion=0 Type=Authorization SeqNum=2 IsEncrypted=True IsSingleConnect=False SessionID=494431516 DataLength=6 Received Body: Authorization Status=PassAdd User= Port= Args: Command Pass status = True, Message=, ------------------ SUMMARY STATISTICS ------------------ Total Commands ..................... 1 Successes .......................... 1 Failures ........................... 0 No Results ......................... 0 Time Taken for commands ............ 0,066 secs Avg Possible Transactions/Second ... 15 Network Time per command ........... 0,017 secs Total Network time ................. 0,017 secs Sent Transactions/Second ........... 11,1
有沒有辦法獲得該屬性值?
*我知道這不僅是身份驗證,也是一種授權
我終於找到了解決方案。我只需要將服務名稱更改為任何其他名稱:
user = admin { name = “Admin User” login = cleartext admin service = myservice { priv-lvl = 10 } }
然後我能夠在客戶端獲得 AV 對:
Received Header: MajorVersion=12 MinorVersion=0 Type=Authorization SeqNum=2 IsEncrypted=True IsSingleConnect=False SessionID=952769599 DataLength=18 Received Body: Authorization Status=PassAdd User= Port= Args: priv-lvl=10