Gtac: GUI Wrapper for TACACS+ Freeware Daemon
---------------------------------------------

Author: Sam Tannous (stannous@cisco.com)

System Requirements
=================================================================

Gtac uses the TACACS+ freeware daemon as its engine. So it goes
without saying that you need to have downloaded the TAC_PLUS
developers toolkit, compiled the server, and installed it properly
so that Gtac can execute it. I've included a precompiled binary of
version 4.0.2 for Linux-i386 users. I've also included a binary of
Gtac for testing purposes. The latest package is usually found at
ftp://ftp-eng.cisco.com/pub/tacacs+/tac_plus......

Getting the daemon compiled on a Linux system may require some
tweaking. See the file diffs-for-linux.txt for details on what needs
to be changed to get the tac+ freeware daemon to compile properly.

One other big requirement is that you run Gtac from a UNIX machine.

Another requirement is that you have installed the GTK (at least
1.0.1) package (GIMP Toolkit). This can be found at www.gtk.org.
RPM packages are available for Redhat users (you will need the
development kit to compile this code).

All of the development and testing was done on a Redhat (5.1) Linux
(2.0.35) system and on SunOS 5.5.1 (Solaris) with gtk version 1.0.1
or later.

I have not tried to port this to NT. That's not to say that it would
not work. Although I believe that ports of GTK to NT and WIN95 are in
progress. There are several system calls (like "ps", "kill", and
actually running the server). These can be found by searching the
source code for "popen".

I used the GTK toolkit primarily because it was free, easy to learn,
looks great, and has a fair number of users (if I get stuck!). I'm
writing this code primarily for enjoyment and in the hope that it
will allow more users to use the freeware daemon on UNIX systems
(this is my first attempt at a GUI so please be nice and try not to
die laughing...).

Legalities
====================================================================

Copyright (c) 1998 by Cisco systems, Inc.

Permission to use, copy, modify, and distribute this software for any
purpose and without fee is hereby granted, provided that this
copyright and permission notice appear on all copies of the software
and supporting documentation, the name of Cisco Systems, Inc. not be
used in advertising or publicity pertaining to distribution of the
program without specific prior permission, and notice be given in
supporting documentation that modification, copying and distribution
is by permission of Cisco Systems, Inc.

Cisco Systems, Inc. makes no representations about the suitability of
this software for any purpose. THIS SOFTWARE IS PROVIDED ``AS IS''
AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE.

Please NOTE: None of the code available here comes with any warranty
or support, however, comments or questions may be addressed to me via
email at stannous@cisco.com and I will do my best to handle them,
though I cannot guarantee a timely response, as this code is
UNSUPPORTED. Cisco systems also maintains an extensive World Wide Web
site at http://www.cisco.com/

Information on TACACS+ Protocol and the freeware daemon
==================================================================

PLEASE SEE THE USERS GUIDE THAT COMES WITH THE TAC_PLUS FREEWARE
DAEMON FOR MORE INFORMATION ON USING THE TACACS+ PROTOCOL AND
MANUALLY RUNNING THE DAEMON ITSELF.

In addition to Cisco's web site, there are two mailing lists which
may be of interest to users of Tacacs+.

The first is a mailing list run by spot.Colorado.EDU which discusses
many things pertaining to Cisco products. It is not run by Cisco
Systems, Inc. and is not part of Cisco's formal service request
channels, however, many knowledgeable people, including staff members
of Cisco Systems, Inc.
voluntarily read and respond on the list. Requests to be added to or
deleted from the list at spot.Colorado.EDU, along with other
administrative issues concerning it can be sent to:

    cisco-request@spot.Colorado.EDU

There is also a relatively new list called TACPLUS-L, run by
disaster.com, created for the purpose of information exchange between
TACACS+ Users. It is intended as a supplement to the list at
spot.Colorado.EDU, aiding TACACS+ users and prospective users in many
issues including but not limited to technical support, bug reports
and workarounds, configuration information, recommendations for
future versions of TACACS+, and general talk about TACACS+
development, implementation, administration, etc.

Please note that neither of these lists is in fact connected with
Cisco Systems, Inc. or any of its subsidiaries. Standard etiquette
rules apply.

To subscribe to the TACPLUS-L list, send a message to

    tacplus-l-request@disaster.com

In the body of the letter, enter

    SUBSCRIBE TACPLUS-L your Name

to be automatically added, or visit their web page at
http://www.disaster.com/tacplus/.

Also, Robert Kiessling maintains a TACACS+ FAQ at
http://www.easynet.de/tacacs-faq.

Lastly, I am always interested in seeing contributed patches and
ideas, so consider mailing any modifications you make, as context
diffs (be sure to indicate which version your patches are based on),
to stannous@cisco.com. As always, no support is implied, nor any
assurance that patches will be made available via ftp (though that is
my intent) or incorporated into any code.

Compiling the code
====================================================================

Right now, the code base is fairly small so I use only one source
file (gtac.c) and a fairly simple makefile

~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CC = gcc

gtac: gtac.c
	$(CC) `gtk-config --cflags` `gtk-config --libs` gtac.c -o gtac

clean:
	rm -f gtac.o gtac
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

There's a little magic here that may only be familiar to users of the
gtk toolkit. The `gtk-config --cflags` is shorthand for writing

    -I/usr/lib/glib/include -I/usr/X11R6/include

on my machine and `gtk-config --libs` is short for

    -L/usr/lib -L/usr/X11R6/lib -lgtk -lgdk -lglib -lXext -lX11 -lm

(on my Solaris box, gtk-config --cflags is

    -I/usr/local/lib/glib/include -I/usr/local/include
    -I/opt/X11R6.1/include

and gtk-config --libs resolves to

    -L/usr/local/lib -L/opt/X11R6.1/lib -R/opt/X11R6.1/lib -lgtk -lgdk
    -lglib -lXext -lX11 -lsocket -lnsl -lm)

This is a fairly standard trick for gtk makefiles.

Once you have compiled the program, you should end up with one small
(~50k) executable called gtac. Put it wherever you like. Keep in mind
that it will attempt to run the daemon just like you would (meaning
that if you require root to run the daemon, you should start gtac as
root).

Using Gtac
========================================================

Assuming you have compiled the code, you will end up with a small
executable (~50k) called gtac. When you start this program, you
should see a small screen with a notebook and menu. The notebook has
three tabs: Server, Groups, and Users. Right now, only the Server tab
has any functionality. I'm trying to add more functionality to the
group and users tabs.

On the server page, the first thing you should do is make sure the
server filename and path are correct. Use the browse button to the
right of the text entry to find the server filename by traversing the
directories or simply type it in the field. The same applies for the
config filename and the debug filename.
The GUI is pretty useless if you don't have the server filename and
the config filename correct.

The tacacs+ configuration file that the daemon will parse can be
edited in a handy text editor (Edit Button) to the right of the entry
field.

The debug level can be set by checking the various checkbuttons at
the bottom of the server notetab. You will need to restart the server
to have your changes take effect (or you could simply stop and then
start the server....same thing).

And that's about all it does right now. I'm trying to add more
functionality as I have time. I think it's fairly useful right now
even though you have to hand edit the configuration files.

==========================================================
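
Gtac runs "ps", "kill" and the daemon itself through popen, which
hands a command string to /bin/sh, and it may be started as root, so
the server filename entered on the Server tab is worth checking
before it is executed. The following is an added example, not code
from gtac.c: it checks the path and starts the daemon from an
argument vector instead of a shell string. The function names are
hypothetical; "-C" is the tac_plus option that names the config file.

```c
#define _XOPEN_SOURCE 700
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: 0 if path is fit to execute from a privileged GUI. */
int check_exec_path(const char *path)
{
    struct stat st;
    if (path == NULL || path[0] != '/' || stat(path, &st) != 0)
        return -1;                      /* must be absolute and must exist */
    if (!S_ISREG(st.st_mode) || (st.st_mode & (S_IWGRP | S_IWOTH)))
        return -1;                      /* regular file nobody else can rewrite */
    if (st.st_uid != 0 && st.st_uid != geteuid())
        return -1;                      /* owned by root or by the caller */
    return (st.st_mode & S_IXUSR) ? 0 : -1;
}

/* Start the daemon from an argument vector, so no shell parses the names.
 * Returns the child's pid, or -1 if the path is rejected or fork fails. */
pid_t start_daemon(const char *server, const char *config)
{
    char *const argv[] = { (char *)server, "-C", (char *)config, NULL };
    if (check_exec_path(server) != 0)
        return -1;
    pid_t pid = fork();
    if (pid == 0) {
        execv(server, argv);
        _exit(127);                     /* exec failed */
    }
    return pid;
}

/* Constructed sample: temp file with the given mode, run through the check. */
int demo_check(mode_t mode)
{
    char tmpl[] = "/tmp/gtac-demo-XXXXXX";
    int fd = mkstemp(tmpl), rc;
    if (fd < 0)
        return -2;
    rc = (fchmod(fd, mode) == 0) ? check_exec_path(tmpl) : -2;
    close(fd);
    unlink(tmpl);
    return rc;
}

int main(void)
{
    return (demo_check(0700) == 0 && demo_check(0777) == -1) ? 0 : 1;
}
```

The check and the execv are separate steps, so the directory holding
the daemon binary must itself not be writable by other users.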