Database Authentication and Accounting with Tacacs+

This document aims to describe how to perform database authentication and accounting for tacacs+.

Requirements:

1) Tacacs+ v7.src.rpm or v7.tgz files, or a later version
2) MySQL 3.22.32 or a later version, with the devel package
3) Gcc and other GNU devel tools

Recommended reading:

1) RPM Howto & man pages
2) MySQL Reference Manual

First of all, you must compile the tacacs+ source with the db feature.

Compiling src.rpm

This is very easy in v7. Just install the src.rpm file with the command:

    # rpm -ivh tac_plus-F4.0.3.alpha-7.src.rpm

Then change directory to the RPM spec directory (in Red Hat this is /usr/src/redhat):

    # cd /usr/src/redhat/SPECS

Edit the tacacs.spec file and add the following options to the configure line:

    ./configure --with-pam --with-db --with-mysql

Next, build the RPM package with the command:

    # rpm -bb tacacs.spec

If that succeeds, install the package on the system. (The built packages are put in the /usr/src/redhat/RPMS/i386 directory.) The installation command is:

    # rpm -i tac_plus.xxx.i386.rpm

Note: please back up the necessary tacacs config files before this step.

Compiling tgz (tarball)

Unpack the tarball with the command:

    # tar zxvf tac_plus.v7.tgz

Change directory into the tac_plus source. Configure the source with the command:

    # ./configure --with-db --with-mysql

If that completes without problems, build the binary:

    # make tac_plus

If you get errors with the MySQL libraries, try configuring with the option --with-mysql-prefix=, for example:

    --with-mysql-prefix=/opt/mysql

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
I remember that when I tried to compile any C code that had MySQL API code in it, I got some error messages.
The error was like this:

    In file included from db_mysql.c:9:
    /opt/mysql/include/mysql/mysql.h:237: parse error before `1'
    /opt/mysql/include/mysql/mysql.h:238: parse error before `1'

This is because mysql.h has some wrong lines:

    int STDCALL mysql_create_db(MYSQL *mysql, const char *DB);
    int STDCALL mysql_drop_db(MYSQL *mysql, const char *DB);

The DB structure isn't defined. But if you change these lines to:

    int STDCALL mysql_create_db(MYSQL *mysql, const char *db);
    int STDCALL mysql_drop_db(MYSQL *mysql, const char *db);

you can compile your code without warnings.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Next, use the command "make install" or install manually.

Create Database and Tables on the RDBMS side:

For MySQL: on an RPM-based system you can find tacacs.sql in the DOCUMENT_DIR/tacacs/ directory. In the tarball it is in the source directory. Create the database and related tables for tacacs with the command:

    # mysql -u root -p < tacacs.sql

Next, add the tacacs user to the MySQL DBMS:

    # mysql -u root -p
    mysql> use mysql
    mysql> insert into user (Host,User,Password) values ("localhost","tacacs",PASSWORD("changeme"));
    mysql> GRANT ALL ON tacacs.* TO tacacs;
    mysql> FLUSH PRIVILEGES;

For more information about the MySQL privilege system, please refer to the MySQL documentation.

Configure tacacs+ to use the DBMS for Authentication:

Uncomment the lines in tac_plus.cfg and change:

    default authentication = db "mysql://tacacs:changeme@localhost/tacacs/auth?usern&passwd"

Configure tacacs+ to use the DBMS for Accounting:

    db_accounting = "mysql://tacacs:changeme@localhost/tacacs/acct"

Please note that in DB authentication the passwd field must be in ENCRYPTED form. (You must use crypt() or the MySQL ENCRYPT function to generate it.)

That's all.

devrim
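
The check below is an added example, not part of the original document or of tac_plus: it pulls the two db URLs shown above out of a config file, reports any whose embedded database password is still the placeholder, and tests whether a passwd value has the shape of crypt() output. The URL layout (dbuser:dbpass@host/database/table?user_field&password_field) is an assumption read off this page's examples, and all function names are hypothetical.

```python
import re

# Constructed sample: the two directives from this page as they would sit in tac_plus.cfg.
SAMPLE_CFG = '''
# default authentication = file /etc/passwd
default authentication = db "mysql://tacacs:changeme@localhost/tacacs/auth?usern&passwd"
db_accounting = "mysql://tacacs:changeme@localhost/tacacs/acct"
'''

# Assumed layout, inferred from the page's URLs:
#   scheme://dbuser:dbpass@host/database/table[?user_field&password_field]
DB_URL = re.compile(
    r'(?P<scheme>\w+)://(?P<user>[^:@/]+):(?P<password>[^@]*)@(?P<host>[^/]+)'
    r'/(?P<database>[^/]+)/(?P<table>[^?"]+)(?:\?(?P<fields>[^"]+))?')

# Traditional DES crypt(3) output is 13 characters from [./0-9A-Za-z];
# modular crypt formats start with $id$ (for example $1$ for MD5 crypt).
CRYPT_DES = re.compile(r'^[./0-9A-Za-z]{13}$')
CRYPT_MCF = re.compile(r'^\$[0-9a-z]+\$.+\$[./0-9A-Za-z]+$')

def parse_db_directives(cfg_text):
    """Return one dict per active (uncommented) db URL in the config text."""
    found = []
    for line in cfg_text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        m = DB_URL.search(line)
        if m:
            d = m.groupdict()
            d['directive'] = line.split('=', 1)[0].strip()
            d['fields'] = d['fields'].split('&') if d['fields'] else []
            found.append(d)
    return found

def audit(cfg_text, placeholders=('changeme',)):
    """List directives whose embedded database password is still a placeholder."""
    return [d['directive'] for d in parse_db_directives(cfg_text)
            if d['password'] in placeholders]

def looks_like_crypt(value):
    """Shape check only: True if value could be crypt() output, not cleartext."""
    return bool(CRYPT_DES.match(value) or CRYPT_MCF.match(value))

if __name__ == '__main__':
    print(audit(SAMPLE_CFG))
```

Because the database password sits in cleartext inside these URLs, the config file's read permissions matter as much as the password itself.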