Server Technology Switched Rack PDU Installation And Operation Manual - page 131
Switched PDU
Installation and Operations Manual
Advanced Operations 131
Displaying TACACS account access:
The List TacPriv command displays all access rights for a TACACS+ account.
To display TACACS account access:
At the Switched CDU: prompt, type list tacpriv, optionally followed by a TACACS+ account. Press Enter.
Example
The following command displays information about the TACACS+ account 1:
Switched CDU: list tacpriv 1
TACACS+ Privilege Level: 1
Outlet Outlet
ID Name
.A1 DataServer_1
.A2 WebServer_1
Groups:
ServerGroup_1
ServerGroup_2
More (Y/es N/o): Y
Ports:
Port ID Port Name
Console Console
Members of the TACACS privilege level 1 account can access the following outlets, outlet groups and serial ports:
outlet A1 which has a descriptive name of DataServer_1, outlet A2 which has a descriptive name of WebServer_1,
group ServerGroup_1 group ServerGroup_2 and Console serial port.
TACACS+ Technical Specifications
Authentication START Packet includes:
action = 1 (TAC_PLUS_AUTHEN_LOGIN)
priv_lvl = 0 (TAC_PLUS_PRIV_LVL_MIN)
authen_type = 1 (TAC_PLUS_AUTHEN_TYPE_ASCII)
service = 1 (TAC_PLUS_AUTHEN_SVC_LOGIN)
user = (entered username)
port = (access path into the unit)
rem_addr = ‘Sentry3_xxxxxx’ (xxxxxx is last six digits of MAC address)
data = ‘‘ (null)
NOTE: The password is sent in a “continue” packet.
Authorization REQUEST Packet includes:
authen_method = 6 (TAC_PLUS_AUTHEN_METH_TACACSPLUS)
priv_lvl = 0 (TAC_PLUS_PRIV_LVL_MIN)
authen_type = 1 (TAC_PLUS_AUTHEN_TYPE_ASCII)
authen_service = 1 (TAC_PLUS_AUTHEN_SVC_LOGIN)
user = (entered username)
port = (access path into the unit)
rem_addr = ‘Sentry3_xxxxxx’ (xxxxxx is last six digits of Ethernet MAC address)
service = ‘shell’ (for exec)
cmd = ‘‘ (null)
NOTE: The access paths into the PDU which support TACACS+ are Console, Telnet, SSH, HTTP, and HTTPS. For Console and
Modem, an administrator is allowed to rename these ports, in which case the assigned name is used.