--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=tac_plus
+PKG_VERSION:=4.0.4.28
+PKG_REV:=259251e6f1c2d5c98081a43c6f66d9eb2989cfd8
+PKG_RELEASE:=1
+
+PKG_SOURCE_VERSION:=$(PKG_REV)
+PKG_SOURCE_DATE:=2019.02.11
+PKG_SOURCE_URL:=https://codeload.github.com/facebook/tac_plus/tar.gz/$(PKG_SOURCE_VERSION)?
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_DATE)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_HASH:=3c37d6a8acf66cac4a95558bf3e29686ef3be505a1638e2ef788a7ece41d1b01
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_BUILD_SUBDIR:=tacacs-F$(PKG_VERSION)
+
+include $(INCLUDE_DIR)/package.mk
+
+PKG_UNPACK:=$(HOST_TAR) -C $(PKG_BUILD_DIR) --strip-components=1 -xzf $(DL_DIR)/$(PKG_SOURCE)
+
+MAKE_PATH:=$(PKG_BUILD_SUBDIR)
+CONFIGURE_PATH:=$(PKG_BUILD_SUBDIR)
+
+CONFIGURE_ARGS += \
+ --disable-shared \
+ --without-libwrap
+
+define Package/tac_plus
+ SECTION:=net
+ CATEGORY:=Network
+ TITLE:=TACACS+ daemon
+ URL:=https://github.com/facebook/tac_plus/
+endef
+
+define Package/tac_plus/description
+TACACS+ is a protocol (not TACACS or XTACACS) for authentication,
+authorization and accounting (AAA) services for routers and network devices.
+endef
+
+define Package/tac_plus/conffiles
+/etc/tac_plus.conf
+endef
+
+define Package/tac_plus/install
+ $(INSTALL_DIR) $(1)/etc/init.d $(1)/usr/sbin
+ $(INSTALL_CONF) ./files/tac_plus.conf $(1)/etc/tac_plus.conf
+ $(INSTALL_BIN) ./files/tac_plus.init $(1)/etc/init.d/tac_plus
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/$(PKG_BUILD_SUBDIR)/tac_plus $(1)/usr/sbin/
+endef
+
+$(eval $(call BuildPackage,tac_plus))
--- /dev/null
+#
+# An example tac_plus configuration. You should change this
+# before using it.
+#
+
+# Define where to log accounting data, this is the default.
+accounting file = /var/log/tac_plus.acct
+
+# This is the key that clients have to use to access Tacacs+
+key = testing123
+
+# Use /etc/passwd file to do authentication
+#default authentication = file /etc/passwd
+
+# You can use feature like per host key with different enable passwords
+#host = 127.0.0.1 {
+# key = test
+# type = cisco
+# enable = <des|cleartext> enablepass
+# prompt = "Welcome XXX ISP Access Router \n\nUsername:"
+#}
+
+# We also can define local users and specify a file where data is stored.
+# That file may be filled using tac_pwd
+#user = test1 {
+# name = "Test User"
+# member = staff
+# login = file /etc/tacacs/tacacs_passwords
+#}
+
+# We can also specify rules valid per group of users.
+#group = group1 {
+# cmd = conf {
+# deny
+# }
+#}
+
+# Another example : forbid configure command for some hosts
+# for a define range of clients
+#group = group1 {
+# login = file /etc/passwd
+# service = ppp
+# protocol = ip {
+# addr = 10.10.0.0/24
+# }
+# cmd = conf {
+# deny .*
+# }
+#}
+
+user = DEFAULT {
+ login = file /etc/passwd
+ service = ppp protocol = ip {}
+}
+
+# Much more features are availables, like ACL, more service compatibilities,
+# commands authorization, scripting authorization.
+# See the man page for those features.
--- /dev/null
+#!/bin/sh /etc/rc.common
+
+START=99
+
+USE_PROCD=1
+PROG=/usr/sbin/tac_plus
+
+start_service() {
+ procd_open_instance
+ procd_set_param command "$PROG" -G -C /etc/tac_plus.conf
+ procd_close_instance
+}
--- /dev/null
+--- a/tacacs-F4.0.4.28/configure 2015-01-06 22:55:35.000000000 +0100
++++ b/tacacs-F4.0.4.28/configure 2019-01-31 14:44:28.679272504 +0100
+@@ -3285,11 +3285,9 @@
+ ;;
+ *linux* )
+ # XXX: not sure if /usr/local is necessary.
+- # XXX: linux libwrap needs -lnsl. configure should check for
+- # existence of libnsl instead of hard-coding
+ CPPFLAGS="$CFLAGS -I/usr/local/include"; export CPPFLAGS
+ LDFLAGS="$LDFLAGS -L/usr/local/lib -L/lib"; export LDFLAGS
+- LIBS="-lnsl -lcrypt $LIBS"; export LIBS
++ LIBS="-lcrypt $LIBS"; export LIBS
+ $as_echo "#define LINUX 1" >>confdefs.h
+
+