On 2026-02-11 08:51, Saku Ytti wrote:
As far as I can see FreeBSD ports ship two tacacs
a) shrubbery
- in no different state to any other OS
- which specifically OP signalled problem against
b) tacplus by christian becker
- in no different state to any other OS
- upstream is specifically asking you not to use it, and to move to
tacplus-ng, which they support, which I don't see in ports
Elmar framed their argument in a very inflammatory way, claiming that
somehow one OS boxes in your selection of applications while another
OS does not, supported by no actual arguments. It was further claimed
that the package is somehow more maintained than in other OS, offering
no arguments why it would be so.
As far as I looked at both FreeBSD ports, they make no changes of
relevance to upstream or contribute to upstream so they offer no
solution that upstream doesn't. Therefore no meaningful delta to any
other OS running the same software.
I'm assuming most people in this list will not consider the choice of
OS important, and accept that people use OS that their organisation is
comfortable with. If you run TACACS on your Windows AD server, that
may be a very good choice for the set of problems you're solving with
the organisation you have. Other companies may do something entirely
different and be no more or less correct in doing so.
There are certainly long tail use cases where kernel becomes an
important differentiator, for running TACACS it's not.
It is hard to see this as anything else, but as an explicit attempt to
inject OS discussion somewhere where it didn't belong and didn't help
OP in any way, but to add confusion.
WOW! That was an unexpected reply.
It's clear you don't run FreeBSD. That's perfectly
fine. I suggested it because, while we run both
Linux and FreeBSD. We predominately use FreeBSD
because it better suits our needs. I only suggested
FreeBSD because it's different and may provide
options the OP hadn't considered. As I mentioned;
it'll also run Linux in a jail/VM. I can spin up an
instance of Linux in a jail in ~20 seconds. While,
as you mention, shrubbery and tacplus are on par
w/linux', version-wise. The FreeBSD network(ing)
is not. The FreeBSD networking is completely
different. So both applications, while roughly the
same. Do not perform the same on both. It's also
not uncommon to keep local patches for applications
and the OS we run, that allow us to overcome our
perceived shortfalls. Don't you?
I am not "pitting" one OS over another. I had NO
intention of doing so. I like Linux just fine. We
use it here. I love Volkswagons too. But I prefer
to drive my Mercedes. It better meets my needs.
Sorry I responded. I had only hoped to help.
I would have happily elaborated further, had the OP
showed any interest in investigating this avenue.
Good day.
--Chris
On Wed, 11 Feb 2026 at 18:16, Chris via NANOG <[email protected]> wrote:
On 2026-02-11 00:05, Elmar K. Bins via NANOG wrote:
> Hi Drew, I'll answer in private to not reincinerate the OS wars.
> We're running tac_plus, and have been since... forever.
> We have not painted ourselves into a corner by using Linux, though.
> FreeBSD has a still-maintained package which works well; it needs a restart
> every two months or so, but is happy otherwise.
I was going to suggest the same. We've been on FBSD for *decades* and have
zero
problems. As an added bonus, it'll run most linux apps either directly, or
a
complete (linux) system in a VM or jail.
HTH
--Chris
>
> I know this won't help you much, except maybe to think a bit outside the
> Linux box.
>
> Cheers,
> Elmar.
>
> [email protected] (Drew Weaver via NANOG) wrote:
>
>> Howdy.
>>
>> I imagine that this is an issue that has come up before but I am having an
>> issue finding how anyone else handled it. (Unless everyone is still running
>> tac_plus on RHEL7)
>>
>> I'm trying to migrate some tac plus instances to a new Linux distro that
>> apparently doesn't support tcp_wrappers and I'm having trouble both
>> compiling it and making an RPM for it.
>>
>> I've tried both the original https://www.shrubbery.net/tac_plus/ and the
>> now sadly abandoned Facebook version https://github.com/facebook/tac_plus
>>
>> If there is another tacacs+ solution everyone has moved to that I am
>> unaware of please enlighten me.
>>
>> Thank you,
>> -Drew
>>
>>
>>
>> _______________________________________________
>> NANOG mailing list
>>
https://lists.nanog.org/archives/list/[email protected]/message/REGURCJX4QAEZOEORGRO7TLFKTY36QPW/
>>
> _______________________________________________
> NANOG mailing list
>
https://lists.nanog.org/archives/list/[email protected]/message/KPFGMHQ4YGYUAZEOGZ3ZGOFXV5L3ZKSP/
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/[email protected]/message/BTL5MFFLWTEJKSKQWSHXAK3ZNVOHP6AK/
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/[email protected]/message/OYWPPXKTSPKPFGIRTD3TVAP4JT5UHX7N/
