000013435 - Tacacs+ install document that can be found in the ISO or full kit.

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000013435
Applies ToAuthentication Manager 7.1 SP2
2003 Server
Appliance 3,0
TACACS+
IssueTacacs+ install document that can be found in the ISO or full kit.
Document location for TACACS+ install on Linux and Solaris
Resolution

Document can be found in the ISO install mount or the physical CD shipment.

LINUX:

RSA Security Inc.
RSA Authentication Manager TACACS+ Server


OVERVIEW

This document describes how to install, operate, and uninstall the TACACS+ Server.


DESCRIPTION

The TACACS+ Server provided in the current release contains binaries from
the RSA Authentication Manager 6.1.1 patch release. The tacver.txt version file
contains information about the build. RSA Security has preserved the version number
from the 6.1.1 build to correctly label future patches and upgrades.
You can install the TACACS+ Server on the same host as the RSA Authentication Manager
instance node or on a separate host. The installation instructions are the same for
both.


INSTALLATION PREREQUISITES

1) Make sure that RSA Authentication Manager 6.x or earlier is not installed on the
   host where you will install the TACACS+ Server. If RSA Authentication Manager 6.x
   or earlier is installed, uninstall it before proceeding.
2) If you plan to use a PAM agent on the same host as the TACACS+ Server, install the
   TACACS+ Server first. Then, install the PAM agent, pointing it to the data directory
   under the TACACS+ Server installation.


INSTALLATION

To install the TACACS+ Server:

1) From the RSA Authentication Manager Server, copy sdconf.rec to a directory on the host
   machine where you will install the TACACS+ Server.
2) From the directory containing sdconf.rec, execute this command:

       <path to media>/tacplus/linux-x86/tacplusinstall

   NOTE: If there is no sdconf.rec in this directory the installation will fail.
4) Follow the prompts to complete the installation.

To install the TACACS+ Server silently:

1) From the RSA Authentication Manager Server, copy sdconf.rec to a directory on the host
   machine where you will install the TACACS+ Server.
2) From the directory containing sdconf.rec, execute the installation command, providing the
   required parameters as shown in this example:

       <path to media>/tacplus/linux-x86/tacplusinstall [-o yes|no][-f owner:group ][-p path]

 Parameters:
 -o yes         - Overwrite exiting TACACS+ Server installation, if any.
 -o no          - Do not overwrite the existing TACACS+ Server installation,
                         if any. (Default)
 -f owner:group - The owner of the installation, for example, root:root.
 -p path        - The full path of where to install the TACACS+ Server.


OPERATION

Once the TACACS+ Server is installed, you can manage it using the tacplus script.
To start the TACACS+ Server, run:
 tacplus start
To stop the TACACS+ Server, run:
 tacplus stop

For instructions on configuring TACACS+ Server, see the tacplus_user_guide.pdf.


UNINSTALLATION

Uninstallation is a manual procedure.

To uninstall the TACACS+ Server, do one of the following:
1) If the TACACS+ Server is not sharing a host with the PAM agent, remove the entire "ace"
   directory. Also remove the /etc/sdace.txt link.

2) If the TACACS+ Server is sharing host with the PAM agent:
   a) Copy sdconf.rec, the node secret file (usually securid), and sdopts.rec (if it exists)
      from the data directory of the TACACS+ server to the location where you will keep the
      PAM agent configuration files.
   b) Update the PAM agent sd_pam.conf file to point to this location.
   c) Remove the entire "ace" directory and the /etc/sdace.txt link.

 

Legacy Article IDa49350

Attachments

    Outcomes