.
Terminal Access Controller Access-Control System (TACACS) is a remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks.
TACACS allows a client to accept a username and password and send a query to a TACACS authentication server, sometimes called a TACACS daemon or simply TACACSD. This server is normally a program running on a host. The host would determine whether to accept or deny the request and send a response back. The TIP would then allow access or not, based upon the response. In this way, the process of making the decision is "opened up" and the algorithms and data used to make the decision are under the complete control of whoever is running the TACACS daemon.
The below diagram shows user accessing the network through the Network Access Server and then disconnecting.
- Network Access Server get username/password pair from remote user, and sends this with a 'Login' to the TACACS Server (Authentication phase).
- When the user and password combination is valid then the TACACS Server sends a 'Reply' accepted.
- The NAS sends a 'Logout' request to permit the TACACS server to go into SLIP mode.
- The TACACS server replies with a 'Reply' accepted and logs the user out.
TACACS protocol provides access control for routers, network access servers and other networked computing devices via one or more centralized servers.
A later version of TACACS introduced in 1990 was called XTACACS (extended TACACS). These two versions have generally been replaced by TACACS+ and RADIUS in newer or updated networks. TACACS+ is a completely new protocol and is therefore not compatible with TACACS or XTACACS.
TACACS is an encryption protocol and therefore less secure than the later TACACS+ and Remote Authentication Dial-In User Service protocols.
No comments:
Post a Comment