Project description

django-auth-tacacs

A django authentication backend that uses Tacacs+ for authentication. This can also be used with Nautobot or Netbox.

Description

This backend authenticates users via Tacacs+. Only authentication is implemented, authorization is expected to be managed within the application itself, depending on the user groups.

Users that don't exist yet may be added automatically by enabling the option TACACSPLUS_AUTOCREATE_USERS. Newly created users will be added with the standard django parameters is_admin=False and is_staff=False.

If you have customized User tables then this package may not work as expected.

Installation

Install the package with pip:

pip3 install django-auth-tacacs

This package requires tacacs-plus to be installed.

Depending on the usage, it also requires one of the following packages:

django
nautobot
netbox

Usage

To use this package, you'll need to add the TACACSPlusAuthenticationBackend library to the AUTHENTICATION_BACKENDS configuration parameter. The order is important, if you have multiple authentication backends then you must configure them in the correct order.

You also need to add the TACACS_PLUS configuration parameters:

TACACSPLUS_HOST = 'localhost'
TACACSPLUS_PORT = 49
TACACSPLUS_SECRET = 'super-secret'
TACACSPLUS_SESSION_TIMEOUT = 5
TACACSPLUS_AUTH_PROTOCOL = 'ascii'
TACACSPLUS_AUTOCREATE_USERS = True

Django example

This example will use the Tacacs+ authentication backend and fallback to the internal django DB user authentication: Add the following to settings.py

AUTHENTICATION_BACKENDS = [
    'django_auth_tacacs.django.TACACSPlusAuthenticationBackend',
    'django.contrib.auth.backends.ModelBackend',
]
TACACSPLUS_HOST = 'localhost'
TACACSPLUS_PORT = 49
TACACSPLUS_SECRET = 'super-secret'
TACACSPLUS_SESSION_TIMEOUT = 5
TACACSPLUS_AUTH_PROTOCOL = 'ascii'
TACACSPLUS_AUTOCREATE_USERS = True

Nautobot example

This example will use the Tacacs+ authentication backend and fallback to the internal nautobot DB user authentication.
Add the following to nautobot_config.py

AUTHENTICATION_BACKENDS = [
     'django_auth_tacacs.nautobot.TACACSPlusAuthenticationBackend',
     'nautobot.core.authentication.ObjectPermissionBackend',
]
TACACSPLUS_HOST = 'localhost'
TACACSPLUS_PORT = 49
TACACSPLUS_SECRET = 'super-secret'
TACACSPLUS_SESSION_TIMEOUT = 5
TACACSPLUS_AUTH_PROTOCOL = 'ascii'
TACACSPLUS_AUTOCREATE_USERS = True

Netbox example

This example will use the Tacacs+ authentication backend and fallback to the internal netbox DB user authentication.
Add the following to configuration.py

REMOTE_AUTH_BACKEND = 'django_auth_tacacs.nautobot.TACACSPlusAuthenticationBackend'

TACACSPLUS_HOST = 'localhost'
TACACSPLUS_PORT = 49
TACACSPLUS_SECRET = 'super-secret'
TACACSPLUS_SESSION_TIMEOUT = 5
TACACSPLUS_AUTH_PROTOCOL = 'ascii'
TACACSPLUS_AUTOCREATE_USERS = True

Project details

These details have not been verified by PyPI

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Release history Release notifications | RSS feed

This version

0.0.1

Mar 3, 2023

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django_auth_tacacs-0.0.1.tar.gz (4.0 kB view hashes)

Uploaded Mar 3, 2023 Source

Built Distribution

django_auth_tacacs-0.0.1-py3-none-any.whl (6.1 kB view hashes)

Uploaded Mar 3, 2023 Python 3

Hashes for django_auth_tacacs-0.0.1.tar.gz

Hashes for django_auth_tacacs-0.0.1.tar.gz
Algorithm	Hash digest
SHA256	`8a4f2a86ad1f245b9f522e8c745cefbde230d930793005e5e63813b4369c2305`
MD5	`3e49b5d7cb92bc61ccfe8a846ff88b8d`
BLAKE2b-256	`d1095ddc5a49a57d7633bbf477131e91a2f554ae064a0a026151b9f06d1fa9df`

Hashes for django_auth_tacacs-0.0.1-py3-none-any.whl

Hashes for django_auth_tacacs-0.0.1-py3-none-any.whl
Algorithm	Hash digest
SHA256	`b265b000d485e65f72494bb336518cde9f23d391b0c17cba567336287d3593cb`
MD5	`fdfdc34d70ff137424681985b5dcd664`
BLAKE2b-256	`b1f0da65cf1f70905837649664feb49e4109237972ea1ab324e46f4571a668f0`