To use the library, an application must first call tac_open to obtain a struct tac_handle *, which provides context for subsequent operations. Calls to tac_open always succeed unless insufficient virtual memory is available. If the necessary memory cannot be allocated, tac_open returns NULL.
Before issuing any TACACS+ requests, the library must be made aware of the servers it can contact. The easiest way to configure the library is to call tac_config. tac_config causes the library to read a configuration file whose format is described in tacplus.conf(5). The pathname of the configuration file is passed as the file argument to tac_config. This argument may also be given as NULL, in which case the standard configuration file /etc/tacplus.conf is used. tac_config returns 0 on success, or -1 if an error occurs.
The library can also be configured programmatically by calls to tac_add_server. The host parameter specifies the server host, either as a fully qualified domain name or as a dotted-quad IP address in text form. The port parameter specifies the TCP port to contact on the server. If port is given as 0, the library uses port 49, the standard TACACS+ port. The shared secret for the server host is passed to the secret parameter. It may be any null-terminated string of bytes. The timeout for receiving replies from the server is passed to the timeout parameter, in units of seconds. The flags parameter is a bit mask of flags to specify various characteristics of the server. It may contain: