Technical data
BLADE OS 5.0 Command Reference
168
Chapter 6: The Configuration Menu BMD00142, November 2009
/cfg/sys/tacacs+
TACACS+ Server Configuration
TACACS (Terminal Access Controller Access Control System) is an authentication protocol that
allows a remote access server to forward a user's logon password to an authentication server, which
determines whether access to a given system can be allowed. TACACS is an encryption protocol,
and therefore less secure than the TACACS+ and Remote Authentication Dial-In User Service
(RADIUS) protocols. (Both TACACS and TACACS+ are described in RFC 1492.)
The TACACS+ protocol is more reliable than RADIUS, because TACACS+ uses the Transmission
Control Protocol (TCP) whereas RADIUS uses the User Datagram Protocol (UDP). Also, RADIUS
combines authentication and authorization in a single user profile, whereas TACACS+ separates
the two operations.
TACACS+ offers the following advantages over RADIUS as the authentication device:
TACACS+ is TCP-based, so it facilitates connection-oriented traffic.
It supports full-packet encryption, as opposed to password-only in authentication requests.
It supports de-coupled authentication, authorization, and accounting.
[TACACS+ Server Menu]
prisrv - Set IP address of primary TACACS+ server
secsrv - Set IP address of secondary TACACS+ server
secret - Set secret for primary TACACS+ server
secret2 - Set secret for secondary TACACS+ server
port - Set TACACS+ port number
retries - Set number of TACACS+ server retries
timeout - Set timeout value of TACACS+ server retries
usermap - Set user privilege mappings
bckdoor - Enable/disable TACACS+ backdoor for telnet/ssh/http/https
secbd - Enable/disable TACACS+ secure backdoor
cmap - Enable/disable TACACS+ new privilege level mapping
cauth - Enable/disable TACACS+ command authorization
clog - Enable/disable TACACS+ command logging
dreq - Enable/disable TACACS+ directed request
on - Enable TACACS+ authentication
off - Disable TACACS+ authentication
cur - Display current TACACS+ settings
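A constructed configuration session that walks through the menu above, added here as an illustration and not taken from the BLADE OS manual. The server addresses are documentation-range placeholders, the argument-on-the-same-line form and the ena/dis keywords are assumptions about the CLI syntax, and the closing apply/save step is assumed from the usual /cfg workflow; the parenthesised notes are commentary, not typed input.

```text
>> Main# /cfg/sys/tacacs+
>> TACACS+ Server# prisrv 192.0.2.10      (primary server; placeholder address)
>> TACACS+ Server# secsrv 192.0.2.11      (secondary server; placeholder address)
>> TACACS+ Server# secret                 (prompts for the primary server's shared secret)
>> TACACS+ Server# secret2                (prompts for the secondary's secret; use a distinct value)
>> TACACS+ Server# port 49                (49 is the IANA-registered TACACS+ TCP port)
>> TACACS+ Server# timeout 5              (seconds to wait per attempt)
>> TACACS+ Server# retries 3              (attempts before the server is treated as down)
>> TACACS+ Server# cauth ena              (each command is authorized by the server)
>> TACACS+ Server# clog ena               (each command is logged via accounting)
>> TACACS+ Server# bckdoor dis            (no bypass of the servers for telnet/ssh/http/https)
>> TACACS+ Server# on                     (switch authentication over to TACACS+)
>> TACACS+ Server# cur                    (review every value before committing)
>> TACACS+ Server# apply
>> TACACS+ Server# save
```

Keep a second session open and confirm that a TACACS+ login succeeds before closing the one that made the change, since the switch authenticates through the servers from the moment the configuration is applied.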