Terminal Access Controller Access Control System (TACACS) Authentication

Terminal Access Controller Access Control System (TACACS) was originally defined in RFC 1492 as a system to allow users connecting to a remote access server to be centrally authenticated. TACACS was originally implemented in the Cisco IOS in 1989, and was later extended to include additional features in what is known as XTACACS (Extended TACACS). While client support for both versions can still be found in the Cisco IOS, they are currently considered End-of-Maintenance (EoM) protocols. Cisco currently supports a completely new (and incompatible) version on its equipment known as TACACS+.
TACACS+ provides what are known as AAA services – Authentication, Authorization, and Accounting. Authentication services are used to identify users, usually via a username and password combination. Authorization services are used to control what a user has access to once they have been authenticated. For example, a user could be given access to only certain router commands with TACACS+. Accounting services track user sessions, so that the amount of time that a user spends connected to a system can be logged for security or billing purposes. All three components are considered central to the security of networking services.
In TACACS lingo, a client would be a device like a switch or router. A server would be a centralized server configured with a user database of some sort, where authentication (as well as authorization and accounting) requests would be validated. For example, if a router were configured to use TACACS+ authentication, it would not authenticate connected users locally, but would rather pass the request on to a TACACS+ server. This would allow a single user account to be defined for an administrator, who could then log on to equipment for which they had been authorized. Cisco provides a TACACS+ server in its Cisco Secure Access Control Server (ACS) product, but freeware TACACS+ servers that run on UNIX/Linux are also available.
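The following Cisco IOS client configuration maps each of the three AAA services described above onto a central TACACS+ server. It is an added example, not part of the original study guide. The server address 192.0.2.10, the shared key, and the fallback username and secret are placeholders chosen for illustration.

```cisco_ios
! Added example: router acting as a TACACS+ client.
! 192.0.2.10, the key, and the local account below are placeholders.

! Enable the AAA command set on the router.
aaa new-model

! Point the router (the TACACS+ client) at the central server.
! The key must match the one configured for this device on the server.
tacacs-server host 192.0.2.10 key EXAMPLE-SHARED-SECRET

! Local account, used only when the TACACS+ server does not respond.
username fallback-admin privilege 15 secret EXAMPLE-LOCAL-SECRET

! Authentication: identify the user against the TACACS+ server first.
! "local" is consulted only if the server is unreachable, not if it
! rejects the login. Avoid "none" as the last method, because it lets
! the login through without credentials when the server is down.
aaa authentication login default group tacacs+ local

! Authorization: ask the server whether the user may start an EXEC
! session, and whether each privilege level 15 command is permitted.
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local

! Accounting: send start and stop records for each EXEC session (which
! gives the session duration) and for each level 15 command entered.
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
```

Keep an existing privileged session open while applying and testing this, since a mistake in the method lists can lock out new logins.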
Entire site Copyright © 1999-2007 2000Trainers.com, all rights reserved.
Content on this site may not be copied or reproduced in any way without permission.


