Abstract interface to .tacacsrc credentials file.
Designed to interoperate with the legacy DeviceV2 implementation, but provide a reasonable API on top of that. The name and format of the .tacacsrc file are not ideal, but compatibility matters.
Fetch the password for a device/realm or create a new entry for it. If device is not passed, settings.DEFAULT_REALM is used, which is default realm for most devices.
Parameters: |
|
---|
Prompt for username, password and return them as Credentials namedtuple.
Parameters: |
|
---|
Converts old .tacacsrc to new .tacacsrc.gpg.
Update the credentials for a given device/realm. Assumes the same username that is already cached unless it is passed.
This may seem redundant at first compared to Tacacsrc.update_creds() but we need this factored out so that we don’t end up with a race condition when credentials are messed up.
Returns True if it actually updated something or None if it didn’t.
Parameters: |
|
---|
Given a set of credentials, try to return a Credentials object.
If creds is unset it will fetch from .tacacsrc.
Expects either a 2-tuple of (username, password) or a 3-tuple of (username, password, realm). If only (username, password) are provided, realm will be populated from DEFAULT_REALM.
Parameters: | creds – A tuple of credentials. |
---|
Credentials(username, password, realm)
Alias for field number 1
Alias for field number 2
Alias for field number 0
Encrypts, decrypts and returns credentials for use by network devices and other tools.
Pass use_gpg=True to force GPG, otherwise it relies on settings.USE_GPG_AUTH
*_old functions should be removed after everyone is moved to the new system.
Update username/password for a realm/device and set self.creds_updated bit to trigger .write().
Parameters: |
|
---|
Checks if user has .gnupg directory and .tacacsrc.gpg file.
Writes .tacacsrc(.gpg) using the accurate method (old vs. new).