feature request: tac_plus-ng support 2nd key for device (NAS)


Petr Issakov

Jun 17, 2025, 7:47:55 AM
to Event-Driven Servers
Hi Marc!
I really appreciate your tacplus-ng solution.
I have been using it for about 1 year, after all CRs and fixes, on a heavily loaded network, and all is fine.

It would be great if tacplus-ng supported more than 1 specific device key.
Just like this:
device mbh_TZ {
    key = testing1
    key_bak = testing2
    tag = Cisco,Huawei
    address = 10.11.1.0/24
}
key_bak would be used only if key=testing1 does not fit for decrypting requests.

It would be very useful for the key-rotation routine on the whole network. Right now the key-changing routine affects device access through TACACS for a long time and turns into a headache.

Marc Huber

Jun 17, 2025, 12:16:22 PM
to event-driv...@googlegroups.com

Hi Petr,

thanks, great that the software works well for you!

Regarding multi-key support, that's already there. You can just add more keys in host context:

device ... {
    key = demo # primary key
    key = demo2 # secondary key
    key warn = demo3 # log warning to syslog when used
    key warn 2025-06-30 = demo4 # log warning if date is reached
}

This works for RADIUS secrets (radius.key), too.

Cheers,

Marc
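
How a server can tell which configured key "fits" a request, as an added example that is not part of the thread and not tac_plus-ng's own code: it implements the RFC 8907 body obfuscation and tries the keys in configured order, accepting the first one whose decoded authentication START has consistent length fields. The helper names, the session id and the packet contents are constructed for illustration; only the key values `demo` and `demo2` come from the post above.

```python
import hashlib
import struct

def pseudo_pad(session_id, key, version, seq_no, length):
    """RFC 8907 section 4.5 pad: MD5 chain over session_id, key, version, seq_no."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]

def obfuscate(body, session_id, key, version=0xC0, seq_no=1):
    """XOR with the pad; the same call obfuscates and de-obfuscates."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(a ^ b for a, b in zip(body, pad))

def plausible_authen_start(body):
    """Length fields of an authentication START must add up to the body size."""
    return len(body) >= 8 and 8 + sum(body[4:8]) == len(body)

def select_key(cipher_body, session_id, keys):
    """Try keys in configured order; return (index, key, body) of the first fit."""
    for index, key in enumerate(keys):
        body = obfuscate(cipher_body, session_id, key)
        if plausible_authen_start(body):
            return index, key, body
    return None  # no configured key decodes the packet sensibly

def authen_start(user, port, rem_addr):
    # action=LOGIN(1), priv_lvl=1, authen_type=ASCII(1), service=LOGIN(1), no data
    header = bytes([1, 1, 1, 1, len(user), len(port), len(rem_addr), 0])
    return header + user + port + rem_addr

# Constructed sample: a NAS that is still on the secondary secret during rotation.
KEYS = [b"demo", b"demo2"]  # primary first, then secondary
SESSION_ID = 0x1A2B3C4D     # constructed value
PLAIN = authen_start(b"petr", b"tty0", b"10.11.1.5")
WIRE = obfuscate(PLAIN, SESSION_ID, b"demo2")

if __name__ == "__main__":
    hit = select_key(WIRE, SESSION_ID, KEYS)
    print("matched key index:", hit[0] if hit else None)
```

The obfuscation carries no integrity check, so "fits" here is a structural plausibility test on the decoded body rather than a cryptographic verification. Logging which key index matched gives the per-device view needed to decide when the old key can be removed.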


Petr Issakov

Jun 17, 2025, 10:57:54 PM
to event-driv...@googlegroups.com
Hi, Marc!
Wow, cool! 
Thank you very much!
