At our company we use the Vikas version of "xtacacsd" to authenticate Internet users who connect by dial-up (they connect to our modem pool, which is in turn connected to two Cisco 250x access servers).
After compiling and installing the Vikas package (the latest version is available from ftp://ftp.navya.com/pub/vikas; it does not appear to be available in RPM format), add the following entry to the ``/etc/inetd.conf'' file so that the inetd daemon automatically starts the daemon whenever a TACACS request is received.
    # TACACS is a user authentication protocol used for Cisco Router products.
    tacacs dgram udp wait root /etc/xtacacsd xtacacsd -c /etc/xtacacsd-conf
Next, edit the ``/etc/xtacacsd-conf'' file and change it as needed to suit your system. (You may, of course, be able to use the default settings as they are.)
Note: If you are using shadow passwords (see the section on Linux password & shadow file formats, Chapter 6, for details), you will have problems using this package. Unfortunately, this package does not support PAM (Pluggable Authentication Module), which Red Hat uses for user authentication. The way I work around this is to keep a separate ``passwd'' file in the ``/usr/local/xtacacs/etc/'' directory. This file is the same as the one in /etc/ but does not use shadowing. This is, of course, a somewhat messy approach. If you decide to do this, you must adjust the permissions so that only root can read that password file:
    chmod a-wr,u+r /usr/local/xtacacs/etc/passwd
If you really are using shadow passwords, you must edit the ``/etc/xtacacsd-conf'' file to tell it the location of the non-shadowed password file (if you use my approach described above).
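A check for the non-shadowed copy described above, as an added example that is not part of the original guide or of the xtacacs package: chmod a-wr,u+r leaves execute bits and ownership untouched, so this verifies the owner, the exact mode and the parent directory. It assumes GNU stat; the function name and the script name in the last comment are hypothetical.

```shell
#!/bin/sh
# Added example: audit the non-shadowed passwd copy read by xtacacsd.
# Assumptions: GNU coreutils stat (Linux); check_tacacs_passwd and its
# optional expected-uid argument are hypothetical names, not part of xtacacsd.

# check_tacacs_passwd FILE [EXPECTED_UID]
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_tacacs_passwd() {
    file=$1
    want_uid=${2:-0}                 # root unless the caller says otherwise
    rc=0

    # A symlink could point the daemon at a file someone else controls.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is not a regular file"
        return 1
    fi

    uid=$(stat -c '%u' "$file")
    mode=$(stat -c '%a' "$file")     # octal digits, e.g. 400
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: owner uid is $uid, expected $want_uid"
        rc=1
    fi

    # chmod a-wr,u+r only touches r and w, so compare the whole mode:
    # a stray execute or setuid bit shows up here.
    if [ "$mode" != "400" ]; then
        echo "FAIL: mode is $mode, expected 400"
        rc=1
    fi

    # If group or other can write the directory, they can replace the file.
    dir=$(dirname "$file")
    dmode=$(stat -c '%a' "$dir")
    if [ $(( 0$dmode & 022 )) -ne 0 ]; then
        echo "FAIL: directory $dir is group/other writable (mode $dmode)"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $file"
    return "$rc"
}

# Run directly as: sh check.sh /usr/local/xtacacs/etc/passwd
if [ "$#" -gt 0 ]; then
    check_tacacs_passwd "$@"
fi
```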
The next step is to configure the access server to authenticate logins arriving on the desired devices (such as dial-up modems) using TACACS. The following is an example session showing how this is configured:
    mail:/tftpboot# telnet xyzrouter
    Escape character is '^]'.
    User Access Verification
    Password: ****
    xyzrouter> enable
    Password: ****
    xyzrouter# config terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    xyzrouter(config)# tacacs-server attempts 3
    xyzrouter(config)# tacacs-server authenticate connections
    xyzrouter(config)# tacacs-server extended
    xyzrouter(config)# tacacs-server host 123.12.41.41
    xyzrouter(config)# tacacs-server notify connections
    xyzrouter(config)# tacacs-server notify enable
    xyzrouter(config)# tacacs-server notify logouts
    xyzrouter(config)# tacacs-server notify slip
    xyzrouter(config)# line 2 10
    xyzrouter(config-line)# login tacacs
    xyzrouter(config-line)# exit
    xyzrouter(config)# exit
    xyzrouter# write
    Building configuration...
    [OK]
    xyzrouter# exit
    Connection closed by foreign host.
All TACACS activity log messages are recorded in the ``/var/log/messages'' file for detailed inspection.