TACACS+
From Wikipedia, the free encyclopedia
In computer networking, TACACS+ (Terminal Access Controller Access-Control System Plus) is a protocol which provides access control for routers, network access servers and other networked computing devices via one or more centralized servers. TACACS+ provides separate authentication, authorization and accounting services.
History
TACACS+ is based on TACACS, but, in spite of its name, it is an entirely new protocol which is incompatible with any previous version of TACACS. TACACS+ and RADIUS have generally replaced the earlier protocols in more recently built or updated networks, although TACACS and XTACACS are still running on many older systems.
Authentication, Authorisation and Accounting
Whereas RADIUS combines authentication and authorization in a user profile, TACACS+ separates the two operations. Another difference is that TACACS+ uses the Transmission Control Protocol (TCP) while RADIUS uses the User Datagram Protocol (UDP). Most administrators recommend using TACACS+ because TCP is seen as a more reliable protocol.
The extensions to the TACACS+ protocol provide for more types of authentication requests and more types of response codes than were in the original specification.
Protocol details
TACACS+ uses TCP port 49. It consists of three separate protocols, which can, if desired, be implemented on separate servers.[1]
TACACS+ offers multiprotocol support, such as IP and AppleTalk. Normal operation fully encrypts the body of the packet for more secure communications. It is a Cisco proprietary enhancement to the original TACACS protocol.
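The following added example (not part of the original article, and not code from Cisco or any TACACS+ implementation) shows how the packet type in the header selects one of the three services and how the body protection described above works on the wire. The header layout, the unencrypted flag and the MD5-based pad are taken from the published specification (RFC 8907), which calls the mechanism obfuscation. The key, session ID, body and the helper name `build_packet` are constructed for illustration.

```python
import hashlib
import struct

# Values below follow the published TACACS+ specification (RFC 8907).
SERVICES = {1: "authentication", 2: "authorization", 3: "accounting"}
FLAG_UNENCRYPTED = 0x01  # TAC_PLUS_UNENCRYPTED_FLAG: body sent in clear text
HEADER = struct.Struct("!BBBBII")  # version, type, seq_no, flags, session_id, length

def parse_header(packet: bytes) -> dict:
    """Decode and sanity-check the fixed 12-byte header before every body."""
    if len(packet) < HEADER.size:
        raise ValueError("shorter than a TACACS+ header")
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack_from(packet)
    if version >> 4 != 0xC:
        raise ValueError("major version is not 0xC")
    if ptype not in SERVICES:
        raise ValueError("unknown packet type")
    if length != len(packet) - HEADER.size:
        raise ValueError("length field does not match body size")
    return {"version": version, "service": SERVICES[ptype], "seq_no": seq_no,
            "session_id": session_id, "cleartext": bool(flags & FLAG_UNENCRYPTED)}

def pseudo_pad(h: dict, key: bytes, length: int) -> bytes:
    """Chain MD5 over session_id, key, version, seq_no and the previous block."""
    seed = struct.pack("!I", h["session_id"]) + key + bytes([h["version"], h["seq_no"]])
    pad = block = b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]

def transform_body(packet: bytes, key: bytes) -> bytes:
    """XOR the body with the pad; the same call obscures and recovers it."""
    h, body = parse_header(packet), packet[HEADER.size:]
    if h["cleartext"]:
        return body  # flag set: nothing protects this body on the wire
    return bytes(a ^ b for a, b in zip(body, pseudo_pad(h, key, len(body))))

def build_packet(ptype, seq_no, session_id, body, key, flags=0) -> bytes:
    """Constructed helper (hypothetical name) to make sample packets offline."""
    header = HEADER.pack(0xC0, ptype, seq_no, flags, session_id, len(body))
    return header + transform_body(header + body, key)

# Constructed sample data, not captured traffic.
KEY = b"constructed-shared-secret"
BODY = b"constructed accounting record, longer than one MD5 block"
protected = build_packet(3, 1, 0x1234ABCD, BODY, KEY)
cleartext = build_packet(3, 1, 0x1234ABCD, BODY, KEY, flags=FLAG_UNENCRYPTED)

if __name__ == "__main__":
    for name, pkt in (("protected", protected), ("cleartext", cleartext)):
        print(name, parse_header(pkt), pkt[HEADER.size:] == BODY)
```

A monitoring check built on `parse_header` can flag any session on TCP port 49 whose header has the unencrypted flag set, since those bodies cross the network in clear text.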
External Links
- Cisco's TACACS+ RFC draft
- http://www.shrubbery.net/tac_plus/
- http://www.gazi.edu.tr/tacacs Database supported tacacs+
- http://rubyforge.org/projects/tacacs-plus/ A pure Ruby implementation of TACACS+

