Authenticating username/password with TACACS+


Aug 28, 2012, 9:59 PM


My Perl script accesses several devices through an SSH connection. The connection is verified by a Cisco ACS server using TACACS+. After three failed attempts by a user to connect via SSH, the user's account is locked out.

I need to verify the user's credentials against the TACACS server and warn the user if it fails, before my script starts accessing our devices.

I'm trying to use the Authen::TacacsPlus module, but every attempt to validate results in an "Authentication Failed" error message.

What I have verified:
- I can manually SSH to one of our devices and authenticate properly.
- The username/password combination is good. It's my own and I can connect to our devices.
- The key matches the one found on our devices.
- The server IP matches the one found on our devices.
- Our server, which is running the Perl script, has been added to the Cisco ACS server.

Below is the code I'm testing with... username/password changed of course.


use Authen::TacacsPlus;

$command= $];

print "Perl version : $command\n";

my $user='username';
my $password='userpass';

my $tac = new Authen::TacacsPlus(Host=>'', Key=>'us3r@@cc3ss');

my $result = $tac->authen( "$user", "$pass" );

print "Msg: " . Authen::TacacsPlus::errmsg() . "\n";
print "Result: $result\n";


The result always looks like this:
Perl version : 5.008008
Msg: Authentication failed
Result: 0
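
An added example, not part of the original post: a single pre-flight check with Authen::TacacsPlus that refuses to send empty credentials and reports a session failure separately from a server rejection, so a wrong password costs only one attempt against the ACS lockout counter. The helper names and the `TACACS_HOST` / `TACACS_KEY` environment variables are assumptions.

```perl
#!/usr/bin/perl
# Added example: one TACACS+ credential check before any SSH session is opened.
use strict;      # a misspelled or undeclared variable is a compile-time error
use warnings;
use Authen::TacacsPlus;

# Read a line from the terminal without echo (assumes a POSIX tty with stty).
sub read_secret {
    my ($prompt) = @_;
    print STDERR $prompt;
    system('stty', '-echo');
    my $value = <STDIN>;
    system('stty', 'echo');
    print STDERR "\n";
    $value = '' unless defined $value;
    chomp $value;
    return $value;
}

# Hypothetical helper. Returns (1, '') on success, (0, reason) otherwise.
# It makes exactly one attempt, so a bad password counts once toward lockout.
sub tacacs_preflight {
    my ($host, $key, $user, $password) = @_;
    for my $arg ($host, $key, $user, $password) {
        return (0, 'empty argument, nothing was sent to the server')
            unless defined $arg && length $arg;
    }
    my $tac = Authen::TacacsPlus->new(Host => $host, Key => $key, Timeout => 15);
    return (0, 'session failed: ' . Authen::TacacsPlus::errmsg()) unless $tac;

    my $ok  = $tac->authen($user, $password);
    my $msg = Authen::TacacsPlus::errmsg();
    $tac->close();
    return $ok ? (1, '') : (0, "rejected by server: $msg");
}

# TACACS_HOST and TACACS_KEY are assumed environment variables, not from the post.
my ($host, $key) = @ENV{qw(TACACS_HOST TACACS_KEY)};
print STDERR 'Username: ';
my $user = <STDIN>;
$user = '' unless defined $user;
chomp $user;
my $password = read_secret('Password: ');

my ($ok, $reason) = tacacs_preflight($host, $key, $user, $password);
die "TACACS+ pre-flight check failed ($reason); not connecting to any device.\n"
    unless $ok;
print "Credentials accepted; safe to start the SSH sessions.\n";
```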