From 01548ace1533487f9c0488f55112c9d8641f8184 Mon Sep 17 00:00:00 2001 From: ru Date: Fri, 2 Jul 2004 23:52:20 +0000 Subject: Mechanically kill hard sentence breaks. --- lib/libtacplus/tacplus.conf.5 | 42 ++++++++++++++++++++++++++++-------------- 1 file changed, 28 insertions(+), 14 deletions(-) (limited to 'lib/libtacplus/tacplus.conf.5') diff --git a/lib/libtacplus/tacplus.conf.5 b/lib/libtacplus/tacplus.conf.5 index 6f7130f..e68982d 100644 --- a/lib/libtacplus/tacplus.conf.5 +++ b/lib/libtacplus/tacplus.conf.5 @@ -35,23 +35,29 @@ .Sh DESCRIPTION .Nm contains the information necessary to configure the TACACS+ client -library. It is parsed by +library. +It is parsed by .Fn tac_config (see .Xr libtacplus 3 ) . The file contains one or more lines of text, each describing a -single TACACS+ server which is to be used by the library. Leading +single TACACS+ server which is to be used by the library. +Leading white space is ignored, as are empty lines and lines containing only comments. .Pp -A TACACS+ server is described by two to four fields on a line. The -fields are separated by white space. The +A TACACS+ server is described by two to four fields on a line. +The +fields are separated by white space. +The .Ql # character at the beginning of a field begins a comment, which extends -to the end of the line. A field may be enclosed in double quotes, +to the end of the line. +A field may be enclosed in double quotes, in which case it may contain white space and/or begin with the .Ql # -character. Within a quoted string, the double quote character can +character. +Within a quoted string, the double quote character can be represented by .Ql \e\&" , and the backslash can be represented by @@ -60,32 +66,40 @@ No other escape sequences are supported. .Pp The first field specifies the server host, either as a fully qualified domain name or as a -dotted-quad IP address. The host may optionally be followed by a +dotted-quad IP address. +The host may optionally be followed by a .Ql \&: -and a numeric port number, without intervening white space. If the +and a numeric port number, without intervening white space. +If the port specification is omitted, it defaults to 49, the standard TACACS+ port. .Pp The second field contains the shared secret, which should be known -only to the client and server hosts. It is an arbitrary string +only to the client and server hosts. +It is an arbitrary string of characters, though it must be enclosed in double quotes if it -contains white space or is empty. An empty secret disables the +contains white space or is empty. +An empty secret disables the normal encryption mechanism, causing all data to cross the network in cleartext. .Pp The third field contains a decimal integer specifying the timeout -in seconds for communicating with the server. The timeout applies -separately to each connect, write, and read operation. If this field +in seconds for communicating with the server. +The timeout applies +separately to each connect, write, and read operation. +If this field is omitted, it defaults to 3 seconds. .Pp The optional fourth field may contain the string .Ql single-connection . If this option is included, the library will attempt to negotiate with the server to keep the TCP connection open for multiple -sessions. Some older TACACS+ servers become confused if this option +sessions. +Some older TACACS+ servers become confused if this option is specified. .Pp -Up to 10 TACACS+ servers may be specified. The servers are tried in +Up to 10 TACACS+ servers may be specified. +The servers are tried in order, until a valid response is received or the list is exhausted. .Pp The standard location for this file is -- cgit v1.1