Definition TACACS

TACACS means Terminal Access Control Access Control Server. Its main objective is to provide a centralized control point for the authentication, authorization, and accounting (AAA) of administrators' activities on network devices.

Let’s understand a little what AAA refers to:

Authentication of TACACS

It refers to who can access network devices. Users are required to identify themselves and prove that they are who they claim to be. Here you must provide your username and password, and you can also use one-time passwords (OTP). Since passwords are involved, the organization must have a good password policy.

TACACS Authorization

It refers to what the already authenticated user has the right to do on the device, for example which commands the user can execute.

Accounting

It keeps track of what the operator or user does on the device, which is essential at audit time. It uses start and stop messages to keep track of what has been started and when it finishes. These records can be saved locally or sent to Syslog servers.

Different types of traffic data can be maintained for various periods. For example, network access records have different commercial and data storage needs than NNTP records and, consequently, in certain circumstances may be available for more extended periods.

TACACS+ allows another authentication method (Kerberos, for example) to be used, while TACACS+ is also used for authorization and accounting.

While TACACS+ encrypts the entire packet, RADIUS encrypts only the password in the initial client-server exchange.
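The difference in what each protocol protects on the wire, as an added example that is not part of the original page: it applies the body obfuscation from RFC 8907 (TACACS+) and the User-Password hiding from RFC 2865 (RADIUS). The shared key, session ID, user name, password and body bytes are constructed sample values, and the body is a stand-in byte string rather than a complete TACACS+ message body.

```python
import hashlib
import struct

def tacacs_pad(session_id, key, version, seq_no, length):
    """RFC 8907 section 4.5 pseudo-pad: chained MD5 blocks, truncated to body length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]

def tacacs_packet(session_id, key, seq_no, body, version=0xC0, ptype=0x01):
    """12-byte cleartext header followed by the body XORed with the pseudo-pad."""
    header = struct.pack("!BBBBII", version, ptype, seq_no, 0x00, session_id, len(body))
    pad = tacacs_pad(session_id, key, version, seq_no, len(body))
    return header + bytes(b ^ p for b, p in zip(body, pad))

def tacacs_body(packet, key):
    """Recover the body using only the header fields and the shared key."""
    version, _, seq_no, _, session_id, length = struct.unpack("!BBBBII", packet[:12])
    pad = tacacs_pad(session_id, key, version, seq_no, length)
    return bytes(b ^ p for b, p in zip(packet[12:12 + length], pad))

def radius_hide_password(password, secret, authenticator):
    """RFC 2865 section 5.2: only the User-Password value is hidden."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], block))
        out += prev
    return out

def radius_attrs(user, password, secret, authenticator):
    """Encode User-Name (type 1, cleartext) and User-Password (type 2, hidden)."""
    hidden = radius_hide_password(password, secret, authenticator)
    return bytes([1, len(user) + 2]) + user + bytes([2, len(hidden) + 2]) + hidden

# Constructed sample values (not taken from any real device or capture)
KEY = b"constructed-shared-key"
BODY = b"user=netadmin cmd=show running-config"
pkt = tacacs_packet(0x1A2B3C4D, KEY, 1, BODY)
attrs = radius_attrs(b"netadmin", b"S3cret-Example", KEY, bytes(range(16)))
print("TACACS+ header (clear):", pkt[:12].hex())
print("TACACS+ body on wire  :", pkt[12:].hex())
print("RADIUS attributes     :", attrs)
```

The output shows the TACACS+ header fields, including the session ID, readable ahead of an unreadable body, while the RADIUS User-Name is readable and only the User-Password value is hidden.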

The obvious question is, “if there is a TACACS+, is there a TACACS?” TACACS was the original version of this protocol and is rarely used these days.