|
|
| Author |
Message |
msw1970
Cacti User
Joined: 09 Jan 2007
Posts: 149
|
 Posted: Wed May 28, 2008 5:07 pm Post subject: Cacti - TACACS+ Authentication |
 |
|
| Has anyone considered extending the current authentication methods to include TACACS+ Authentication for users. Currently we heavily use TACACS+ to control access onto our switches... It would be great to be able to extend the group structure we have within our TACACS+ server to control who can do what and which graphs they have the rights to see. |
|
| Back to top |
|
 |
rony
Developer/Forum Admin
Joined: 17 Nov 2003
Posts: 5379
Location: Wisconsin, USA
|
| Posted: Thu May 29, 2008 8:53 am Post subject: |
|
|
| If you use the Web Basic authentication in Cacti and then setup Apache to use Radius authentication for your Cacti directory, you should get the desired effect. |
|
| Back to top |
|
|
TheWitness
Developer
Joined: 14 May 2002
Posts: 9257
Location: MI, USA
|
| Posted: Thu May 29, 2008 8:32 pm Post subject: |
|
|
In the latest PIA, you can define your own authentication methods. I can send you reference code. That way you can write a tacacs_auth plugin that provides your authentication services.
TheWitness |
|
| Back to top |
|
|
zuessi
Joined: 13 Sep 2004
Posts: 14
Location: Switzerland
|
| Posted: Wed Jun 04, 2008 3:09 am Post subject: |
|
|
I would be very interested of such an integration!
Thanks for your great work
Zuessi |
|
| Back to top |
|
|
jfarese
Joined: 06 Dec 2006
Posts: 16
|
| Posted: Fri Jun 06, 2008 1:32 pm Post subject: |
|
|
| are you using ACS as the backend server.. if so use authxradius in apache with web basic auth and have it authenticate against the radius side of the ACS server.. This is how we do it and it works great. |
|
| Back to top |
|
|
TheWitness
Developer
Joined: 14 May 2002
Posts: 9257
Location: MI, USA
|
| Posted: Sat Jun 07, 2008 1:03 pm Post subject: |
|
|
I think the apache mod should be enough. So you concur, or would you still ike the guidance?
Regards,
TheWitness |
|
| Back to top |
|
|
msw1970
Cacti User
Joined: 09 Jan 2007
Posts: 149
|
| Posted: Sat Jun 07, 2008 1:06 pm Post subject: |
|
|
| TheWitness wrote: | I think the apache mod should be enough. So you concur, or would you still ike the guidance?
Regards,
TheWitness |
I'm going to give the apache mod a try and see if that works. I'm currently in the process of building a new server for Cacti as the one I've got it on is starting to chugg... It's only got 512Mb ram and I've now got approx 700 devices and 4,500 data sources on it, so I'll try it on that when I've got it working....
Takes a while to get a server setup though once you've jumped through all the hoops our security department insist on!!! |
|
| Back to top |
|
|
TheWitness
Developer
Joined: 14 May 2002
Posts: 9257
Location: MI, USA
|
| Posted: Sat Jun 07, 2008 1:37 pm Post subject: |
|
|
You need more RAM. Do a "du -sk /var/www/htm/cacti/rra". You need at least 500mb more than it reports to realy get Cacti to scream.
TheWitness |
|
| Back to top |
|
|
msw1970
Cacti User
Joined: 09 Jan 2007
Posts: 149
|
| Posted: Sat Jun 07, 2008 1:41 pm Post subject: |
|
|
| TheWitness wrote: | You need more RAM. Do a "du -sk /var/www/htm/cacti/rra". You need at least 500mb more than it reports to realy get Cacti to scream.
TheWitness |
New server's gonna be a virtual server with 2 CPU's and 2Gb ram so should be enough!! |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Register
Profile
Log in to check your private messages
Log in
