As far as I can see FreeBSD ports ship two tacacs
a) shrubbery - in no different state to any other OS - which specifically OP signalled problem against b) tacplus by christian becker - in no different state to any other OS - upstream is specifically asking you not to use it, and to move to tacplus-ng, which they support, which I don't see in ports
Elmar framed their argument in a very inflammatory way, claiming that somehow one OS boxes in your selection of applications while another OS does not, supported by no actual arguments. It was further claimed that the package is somehow more maintained than in other OS, offering no arguments why it would be so. As far as I looked at both FreeBSD ports, they make no changes of relevance to upstream or contribute to upstream so they offer no solution that upstream doesn't. Therefore no meaningful delta to any other OS running the same software.
I'm assuming most people in this list will not consider the choice of OS important, and accept that people use OS that their organisation is comfortable with. If you run TACACS on your Windows AD server, that may be a very good choice for the set of problems you're solving with the organisation you have. Other companies may do something entirely different and be no more or less correct in doing so. There are certainly long tail use cases where kernel becomes an important differentiator, for running TACACS it's not.
It is hard to see this as anything else, but as an explicit attempt to inject OS discussion somewhere where it didn't belong and didn't help OP in any way, but to add confusion. WOW! That was an unexpected reply. It's clear you don't run FreeBSD. That's perfectly fine. I suggested it because, while we run both Linux and FreeBSD. We predominately use FreeBSD because it better suits our needs. I only suggested FreeBSD because it's different and may provide
On 2026-02-11 08:51, Saku Ytti wrote: options the OP hadn't considered. As I mentioned; it'll also run Linux in a jail/VM. I can spin up an instance of Linux in a jail in ~20 seconds. While, as you mention, shrubbery and tacplus are on par w/linux', version-wise. The FreeBSD network(ing) is not. The FreeBSD networking is completely different. So both applications, while roughly the same. Do not perform the same on both. It's also not uncommon to keep local patches for applications and the OS we run, that allow us to overcome our perceived shortfalls. Don't you? I am not "pitting" one OS over another. I had NO intention of doing so. I like Linux just fine. We use it here. I love Volkswagons too. But I prefer to drive my Mercedes. It better meets my needs. Sorry I responded. I had only hoped to help. I would have happily elaborated further, had the OP showed any interest in investigating this avenue. Good day. --Chris
On Wed, 11 Feb 2026 at 18:16, Chris via NANOG <nanog@lists.nanog.org> wrote:
Hi Drew, I'll answer in private to not reincinerate the OS wars. We're running tac_plus, and have been since... forever. We have not painted ourselves into a corner by using Linux, though. FreeBSD has a still-maintained package which works well; it needs a restart every two months or so, but is happy otherwise. I was going to suggest the same. We've been on FBSD for *decades* and have zero
On 2026-02-11 00:05, Elmar K. Bins via NANOG wrote: problems. As an added bonus, it'll run most linux apps either directly, or a complete (linux) system in a VM or jail.
HTH
--Chris
I know this won't help you much, except maybe to think a bit outside the Linux box.
Cheers, Elmar.
nanog@lists.nanog.org (Drew Weaver via NANOG) wrote:
Howdy.
I imagine that this is an issue that has come up before but I am having an issue finding how anyone else handled it. (Unless everyone is still running tac_plus on RHEL7)
I'm trying to migrate some tac plus instances to a new Linux distro that apparently doesn't support tcp_wrappers and I'm having trouble both compiling it and making an RPM for it.
I've tried both the original https://www.shrubbery.net/tac_plus/ and the now sadly abandoned Facebook version https://github.com/facebook/tac_plus
If there is another tacacs+ solution everyone has moved to that I am unaware of please enlighten me.
Thank you, -Drew
_______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/REGURCJX...
_______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/KPFGMHQ4...
_______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/BTL5MFFL...