What is tacshell?
tacshell is a drop-in replacement for the RSA ACE/Server sdshell program,
which allows UNIX shell authentication via a SecurID token.
How does tacshell differ from sdshell?
tacshell authenticates against an ACE/Server via the Cisco TACACS+ protocol
whereas sdshell authenticates via a proprietary protocol.
Why would I want to use tacshell instead of sdshell?
Several reasons:
sdshell authentication breaks when the client is separated from the server
by NATting (for instance, if the client is in a DMZ).
Source code for sdshell is not available, so it cannot be used in
oddball UNIX boxen.
tacshell is much smaller than sdshell (~20k versus ~80k).
tacshell does not need suid root privileges.
tacshell doesn't have any buffer overflows.
What's changed?
Per-user shell configuration supported as of version 0.9.
Multiple servers are supported as of version 0.7.
New PIN mode is supported as of version 0.6.
Downloads:
tacshell-0.91.tar.gz (latest version, 26 May 2004) (source code) (diff against previous version)
tacshell-0.9.tar.gz (29 October 2003) (source code) (diff against previous version)
tacshell-0.8.tar.gz (14 June 2003) (source code) (diff against previous version)
tacshell-0.7.tar.gz (29 May 2003) (source code) (diff against previous version)
tacshell-0.6.tar.gz (19 March 2003) (source code) (diff against previous version)
tacshell-0.5.tar.gz (25 November 2002) (source code)
wileyc@rezrov.net