What is tacshell?

tacshell is a drop-in replacement for the RSA ACE/Server sdshell program, which allows UNIX shell authentication via a SecurID token.

How does tacshell differ from sdshell?

tacshell authenticates against an ACE/Server via the Cisco TACACS+ protocol whereas sdshell authenticates via a proprietary protocol.

Why would I want to use tacshell instead of sdshell?

Several reasons:
  • sdshell authentication breaks when NAT sits between the client and the server (for instance, if the client is in a DMZ).
  • Source code for sdshell is not available, so it cannot be used in oddball UNIX boxen.
  • tacshell is much smaller than sdshell (~20k versus ~80k).
  • tacshell does not need suid root privileges.
  • tacshell doesn't have any buffer overflows.

What's changed?

  • Per-user shell configuration supported as of version 0.9.
  • Multiple servers are supported as of version 0.7.
  • New PIN mode is supported as of version 0.6.

Downloads:

  • tacshell-0.91.tar.gz (latest version, 26 May 2004) (source code) (diff against previous version)
  • tacshell-0.9.tar.gz (29 October 2003) (source code) (diff against previous version)
  • tacshell-0.8.tar.gz (14 June 2003) (source code) (diff against previous version)
  • tacshell-0.7.tar.gz (29 May 2003) (source code) (diff against previous version)
  • tacshell-0.6.tar.gz (19 March 2003) (source code) (diff against previous version)
  • tacshell-0.5.tar.gz (25 November 2002) (source code)

wileyc@rezrov.net