Accounting REQUEST Packet

The Oracle® Enterprise Session Border Controller, acting as a TACACS+ client, sends an accounting REQUEST START variant to the TACACS+ daemon following the successful authorization of an admin user. It sends an accounting REQUEST WATCHDOG variant to the daemon following the authorization of an admin user’s access to an ACLI command. It sends an accounting REQUEST STOP variant to the daemon at the conclusion of the ACLI session.

The accounting REQUEST packet format is as follows.

+-----------------------------------+
|           Common Header           |
|                                   |
|         type contains 0x3         |
+--------+--------+--------+--------+
| flags  |authen_ |priv_lvl|authen- |
|        |method  |        |type    |
+--------+--------+--------+--------+
|authen_ |user_len|port_len|rem_addr|
|service |        |        |_len    |
+--------+--------+--------+--------+
|arg_cnt |arg1_len|arg2_len|  ...   |
|        |        |        |        |
+--------+--------+--------+--------+
|argN_len|         user ...         |
+--------+--------------------------+
|              port ...             |
+-----------------------------------+
|            rem_addr ...           |
+-----------------------------------+
|              arg1 ...             |
+-----------------------------------+
|              arg2 ...             |
+-----------------------------------+
|              argN ...             |
+-----------------------------------+

flags

This 8-bit field contains an enumerated value that identifies the accounting REQUEST variant.

0x2 — START

0x4 — STOP

0x8 — WATCHDOG

authen_method

This 8-bit field contains an enumerated value that identifies the method used to authenticate the accounting subject — that is, an admin user. Because an admin user is authenticated locally by the Oracle® Enterprise Session Border Controller, this field always contains a value of 0x05 , indicating authentication by the requesting client.

priv_lvl

This 8-bit field contains an enumerated value that identifies the privilege level associated with the accounting subject. For the current TACACS+ accounting implementation, this field always contains a value of 0x00 .

authen-type

This 8-bit field contains an enumerated value that identifies the methodology used to authenticate the accounting subject. Because an admin user is authenticated with a simple username/password exchange, this field always contains a value of 0x01, indicating ASCII login.

authen_service

This 8-bit field contains an enumerated value that identifies the service that requested authentication. Because an admin user is authenticated with a simple username/password exchange, this field always contains a value of 0x01 , the login service.

user_len

This 8-bit field contains an integer that specifies the length, in octets, of the user field.

port_len

This 8-bit field contains an integer that specifies the length, in octets, of the port field.

rem_addr_len

This 8-bit field contains an integer that specifies the length, in octets, of the rem_addr field.

arg_cnt

This 8-bit field contains an integer that specifies the number of arguments contained in the accounting REQUEST.

arg1_len

This 8-bit field contains an integer that specifies the length, in octets, of the first argument.

Subsequent fields contain the length of each sequential argument.

user

This variable length field contains the login name of the accounting subject.

port

This variable length field contains the name of the Oracle® Enterprise Session Border Controller port on which accounting is taking place. Following Cisco Systems convention, this field always contains the string tty10.

rem_addr

This variable length field contains the location of the accounting subject. This field always contains the localhost address.

arg...

This variable length field contains a TACACS+ attribute value pair (AVP); each arg field holds a single AVP.

A TACACS+ AVP is an ASCII string with a maximum length of 255 octets. The string consists of the attribute name and its assigned value, separated by either an equal sign (=) or an asterisk (*). The equal sign (=) identifies a mandatory argument, one that must be understood and processed by the TACACS+ daemon; the asterisk (*) identifies an optional argument that may be disregarded by either the client or the daemon.

Administrative accounting requires the use of five TACACS+ AVPs: service, task_id, start_time, stop_time, and cmd.

The task_id AVP, included in accounting REQUEST START, STOP, and WATCHDOG variants, correlates session initiation, watchdog updates, and termination packets; each associated START, STOP, and WATCHDOG packet must contain matching task_id AVPs.

task_id=13578642

The start_time AVP, included in accounting REQUEST START and WATCHDOG variants, specifies the time at which a specific accounting request was initiated. The start time is expressed as the number of seconds elapsed since January 1, 1970 00:00:00 UTC.

start_time=1286790650

The stop_time AVP, included in accounting REQUEST STOP variants, specifies the time at which a specific accounting session was terminated. The stop time is expressed as the number of seconds elapsed since January 1, 1970 00:00:00 UTC.

stop_time=1286794250

The service AVP, included in accounting REQUEST START, STOP, and WATCHDOG variants, identifies the function subject to accounting. In the case of the current implementation, the attribute value is always shell. Consequently the attribute takes the following format:

service=shell

The cmd AVP, included in accounting REQUEST WATCHDOG variants, identifies the specific ACLI command to be processed by the accounting service. The command is passed in its entirety, from the administrative configuration root, configure terminal, through the final command argument. For example,

cmd=configure terminal security authentication type tacacsplus

Note the equal sign (=) used in the attribute examples, indicating that all are mandatory arguments.
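The following encoder and parser, added here as an example and not taken from the Oracle documentation or any TACACS+ implementation, puts the packet layout above and the AVP rules together: it builds the body that follows the common header for an admin login START packet using the fixed field values this page describes, then decodes it back while checking that the length fields account for exactly the octets present. The user name "admin", the localhost address 127.0.0.1 and the AVP values are constructed sample data; the common header and the body obfuscation that precedes transmission are outside what this page covers and are not modelled.

```python
import struct

# Flag values for the three accounting REQUEST variants listed on this page.
ACCT_FLAG_START, ACCT_FLAG_STOP, ACCT_FLAG_WATCHDOG = 0x02, 0x04, 0x08

def split_avp(raw):
    """Split 'name=value' / 'name*value' at the first separator; True = mandatory."""
    i = min((raw.index(c) for c in "=*" if c in raw), default=-1)
    if i < 0:
        raise ValueError("AVP without = or * separator: %r" % raw)
    return raw[:i], raw[i + 1:], raw[i] == "="

def build_acct_body(flags, user, avps, port=b"tty10", rem_addr=b"127.0.0.1"):
    """Encode the body that follows the common header (type 0x3).
    authen_method 0x05 (local), priv_lvl 0x00, authen_type 0x01 (ASCII) and
    authen_service 0x01 (login) are fixed, as the page states for the ESBC."""
    if len(avps) > 255 or any(len(a) > 255 for a in avps):
        raise ValueError("arg_cnt and every arg_len are 8-bit fields")
    fixed = struct.pack("!9B", flags, 0x05, 0x00, 0x01, 0x01,
                        len(user), len(port), len(rem_addr), len(avps))
    return fixed + bytes(len(a) for a in avps) + user + port + rem_addr + b"".join(avps)

def parse_acct_body(body):
    """Decode a body; rejects input whose length fields do not match its size."""
    if len(body) < 9:
        raise ValueError("body shorter than the nine fixed octets")
    (flags, method, priv, atype, asvc,
     user_len, port_len, rem_len, arg_cnt) = struct.unpack("!9B", body[:9])
    arg_lens = list(body[9:9 + arg_cnt])
    off = 9 + arg_cnt
    if (len(arg_lens) != arg_cnt
            or len(body) != off + user_len + port_len + rem_len + sum(arg_lens)):
        raise ValueError("length fields disagree with body size")
    def take(n):
        nonlocal off
        chunk, off = body[off:off + n], off + n
        return chunk
    out = {"flags": flags, "authen_method": method, "priv_lvl": priv,
           "authen_type": atype, "authen_service": asvc,
           "user": take(user_len).decode("ascii"),
           "port": take(port_len).decode("ascii"),
           "rem_addr": take(rem_len).decode("ascii"), "avps": {}}
    for n in arg_lens:  # one AVP per arg field, in arg_len order
        name, value, mandatory = split_avp(take(n).decode("ascii"))
        out["avps"][name] = (value, mandatory)
    return out

# Constructed sample: the START body an admin login would produce, using the
# AVP values shown on this page.
START_BODY = build_acct_body(ACCT_FLAG_START, b"admin",
                             [b"service=shell", b"task_id=13578642", b"start_time=1286790650"])
```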