As far as I can see FreeBSD ports ship two tacacs a) shrubbery - in no different state to any other OS - which specifically OP signalled problem against b) tacplus by christian becker - in no different state to any other OS - upstream is specifically asking you not to use it, and to move to tacplus-ng, which they support, which I don't see in ports
Elmar framed their argument in a very inflammatory way, claiming that somehow one OS boxes in your selection of applications while another OS does not, supported by no actual arguments. It was further claimed that the package is somehow more maintained than in other OS, offering no arguments why it would be so. As far as I looked at both FreeBSD ports, they make no changes of relevance to upstream or contribute to upstream so they offer no solution that upstream doesn't. Therefore no meaningful delta to any other OS running the same software. I'm assuming most people in this list will not consider the choice of OS important, and accept that people use OS that their organisation is comfortable with. If you run TACACS on your Windows AD server, that may be a very good choice for the set of problems you're solving with the organisation you have. Other companies may do something entirely different and be no more or less correct in doing so. There are certainly long tail use cases where kernel becomes an important differentiator, for running TACACS it's not. It is hard to see this as anything else, but as an explicit attempt to inject OS discussion somewhere where it didn't belong and didn't help OP in any way, but to add confusion. On Wed, 11 Feb 2026 at 18:16, Chris via NANOG <[email protected]> wrote: > > On 2026-02-11 00:05, Elmar K. Bins via NANOG wrote: > > Hi Drew, I'll answer in private to not reincinerate the OS wars. > > We're running tac_plus, and have been since... forever. > > We have not painted ourselves into a corner by using Linux, though. > > FreeBSD has a still-maintained package which works well; it needs a restart > > every two months or so, but is happy otherwise. > I was going to suggest the same. We've been on FBSD for *decades* and have > zero > problems. As an added bonus, it'll run most linux apps either directly, or a > complete (linux) system in a VM or jail. > > HTH > > --Chris > > > > I know this won't help you much, except maybe to think a bit outside the > > Linux box. > > > > Cheers, > > Elmar. > > > > [email protected] (Drew Weaver via NANOG) wrote: > > > >> Howdy. > >> > >> I imagine that this is an issue that has come up before but I am having an > >> issue finding how anyone else handled it. (Unless everyone is still running > >> tac_plus on RHEL7) > >> > >> I'm trying to migrate some tac plus instances to a new Linux distro that > >> apparently doesn't support tcp_wrappers and I'm having trouble both > >> compiling it and making an RPM for it. > >> > >> I've tried both the original https://www.shrubbery.net/tac_plus/ and the > >> now sadly abandoned Facebook version https://github.com/facebook/tac_plus > >> > >> If there is another tacacs+ solution everyone has moved to that I am > >> unaware of please enlighten me. > >> > >> Thank you, > >> -Drew > >> > >> > >> > >> _______________________________________________ > >> NANOG mailing list > >> https://lists.nanog.org/archives/list/[email protected]/message/REGURCJX4QAEZOEORGRO7TLFKTY36QPW/ > >> > > _______________________________________________ > > NANOG mailing list > > https://lists.nanog.org/archives/list/[email protected]/message/KPFGMHQ4YGYUAZEOGZ3ZGOFXV5L3ZKSP/ > _______________________________________________ > NANOG mailing list > https://lists.nanog.org/archives/list/[email protected]/message/BTL5MFFLWTEJKSKQWSHXAK3ZNVOHP6AK/ -- ++ytti _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/[email protected]/message/BQOLL2W6C67RVUIKS4EJTW54QJWJKUKL/
