NAME¶
Smokeping::probes::TacacsPlus - a TacacsPlus authentication probe for SmokePing
OVERVIEW¶
Measures TacacsPlus authentication latency for SmokePing
SYNOPSIS¶
*** Probes ***
+TacacsPlus
forks = 5
offset = 50%
passwordfile = /some/place/secret
secretfile = /another/place/secret
step = 300
# The following variables can be overridden in each target section
authtype = CHAP
mininterval = 1
password = test-password
pings = 5
port = 49
secret = test-secret
timeout = 5
username = test-user # mandatory
# [...]
*** Targets ***
probe = TacacsPlus # if this should be the default probe
# [...]
+ mytarget
# probe = TacacsPlus # if the default probe is something else
host = my.host
authtype = CHAP
mininterval = 1
password = test-password
pings = 5
port = 49
secret = test-secret
timeout = 5
username = test-user # mandatory
DESCRIPTION¶
This probe measures TacacsPlus authentication latency for SmokePing.
The username to be tested is specified in either the probe-specific or the
target-specific variable `username', with the target-specific one overriding
the probe-specific one.
The password can be specified either (in order of precedence, with the latter
overriding the former) in the probe-specific variable `password', in an
external file or in the target-specific variable `password'. The location of
this file is given in the probe-specific variable `passwordfile'. See
Smokeping::probes::passwordchecker(3pm) for the format of this file
(summary: colon-separated triplets of the form
`<host>:<username>:<password>')
The TacacsPlus protocol requires a shared secret between the server and the
client. This secret can be specified either (in order of precedence, with the
latter overriding the former) in the probe-specific variable `secret', in an
external file or in the target-specific variable `secret'. This external file
is located by the probe-specific variable `secretfile', and it should contain
whitespace-separated pairs of the form `<host> <secret>'. Comments
and blank lines are OK.
The default TacacsPlus authentication type is ASCII. PAP and CHAP are also
available. See the Authen::TacacsPlus documentation for more information;
The probe tries to be nice to the server and does not send authentication
requests more frequently than once every X seconds, where X is the value of
the target-specific "min_interval" variable (1 by default).
VARIABLES¶
Supported probe-specific variables:
- forks
- Run this many concurrent processes at maximum
Example value: 5
Default value: 5
- offset
- If you run many probes concurrently you may want to prevent
them from hitting your network all at the same time. Using the
probe-specific offset parameter you can change the point in time when each
probe will be run. Offset is specified in % of total interval, or
alternatively as 'random', and the offset from the 'General' section is
used if nothing is specified here. Note that this does NOT influence the
rrds itself, it is just a matter of when data acqusition is initiated.
(This variable is only applicable if the variable 'concurrentprobes' is
set in the 'General' section.)
Example value: 50%
- passwordfile
- Location of the file containing usernames and passwords.
Example value: /some/place/secret
- secretfile
- A file containing the TacacsPlus shared secrets for the
targets. It should contain whitespace-separated pairs of the form
`<host> <secret>'. Comments and blank lines are OK.
Example value: /another/place/secret
- step
- Duration of the base interval that this probe should use,
if different from the one specified in the 'Database' section. Note that
the step in the RRD files is fixed when they are originally generated, and
if you change the step parameter afterwards, you'll have to delete the old
RRD files or somehow convert them. (This variable is only applicable if
the variable 'concurrentprobes' is set in the 'General' section.)
Example value: 300
Supported target-specific variables:
- authtype
- The TacacsPlus Authentication type:ASCII(default), CHAP,
PAP
Example value: CHAP
Default value: ASCII
- mininterval
- The minimum interval between each authentication request
sent, in (possibly fractional) seconds.
Default value: 1
- password
- The password for the user, if not present in the password
file.
Example value: test-password
- pings
- How many pings should be sent to each target, if different
from the global value specified in the Database section. Note that the
number of pings in the RRD files is fixed when they are originally
generated, and if you change this parameter afterwards, you'll have to
delete the old RRD files or somehow convert them.
Example value: 5
- port
- The TacacsPlus port to be used
Example value: 49
Default value: 49
- secret
- The TacacsPlus shared secret for the target, if not present
in the secrets file.
Example value: test-secret
- timeout
- Timeout in seconds for the TacacsPlus queries.
Default value: 5
- username
- The username to be tested.
Example value: test-user
This setting is mandatory.
AUTHORS¶
Gary Mikula <g2ugzm@hotmail.com>
BUGS¶
Not as yet....
