Viewing the Current TACACS+ Configuration
To read the current TACACS+ configuration, use the following command
[ctp_cmd@gluon_50 ~ 7]> syscfg -r -u tacplus_cfg
SIP10.0.0.0:SSnone:TO5:ST0:RP49:OLF1:RF1
[ctp_cmd@gluon_50 ~ 8]>
Using the above help, the commands will be issued with the following set up:
First TACACS+ server IP: 1.2.3.4
First TACACS+ shared secret IP: secret
Timeout period: 15
Enable TACACS+: Yes
TACACS+ server port: 49
Offline Failover: No
Reject Failover: No
Second TACACS+ server IP: 1.2.3.5
Second TACACS+ shared secret IP: secret1
Third TACACS+ server IP: 1.2.3.6
Third TACACS+ shared secret IP: secret2
[ctp_cmd@gluon_50 ~ 8]> syscfg -s -u tacplus_cfg -v "SIP1.2.3.4:SSsecret:TO15:ST1:RP49:OLF0:RF0:N1SIP1.2.3.5:N1SSsecret1:N2SIP1.2.3.6:N2SSsecret2"
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
[ctp_cmd@gluon_50 ~ 4]> syscfg -r -u tacplus_cfg
SIP1.2.3.4:SSsecret:TO15:ST1:RP49:OLF0:RF0:N1SIP1.2.3.5:N1SSsecret1:N2SIP1.2.3.6:N2SSsecret2
[ctp_cmd@gluon_50 ~ 5]>
Note that, when I read back the config string, it comes back exactly as configured, which is a good way to verify that the configuration was accepted.
At this point, if you want to keep the configuration, but disable TACACS+, all you need to do is read the config, set ST1 to ST0, and write it back.