TACACS

from Wikipedia, the free encyclopedia

The Terminal Access Controller Access Control System (TACACS) is a communication protocol for AAA (authentication, authorization and accounting), standardized in individual versions by the IETF and also widely used in other, vendor-specific versions (e.g. Cisco Systems' TACACS+). It is used for client-server communication between AAA servers and a Network Access Server (NAS). TACACS servers provide a central authentication instance for users who want to establish an IP connection with a NAS in an intranet or over the Internet.

TACACS was developed by the Defense Data Network for MILNET in the 1980s. It is defined in RFC 1492 from 1993 and uses port 49 (UDP or TCP).

A later version of TACACS is XTACACS (eXtended TACACS). Both versions have been superseded by TACACS+ (TACACS Plus, 1995), RADIUS (IETF RFC 4004, 2005) and Diameter (IETF RFC 3539, 2003). In contrast to the UDP-based Remote Authentication Dial-In User Service (RADIUS), TACACS+ uses the connection-oriented TCP on port 49. Another difference from RADIUS is that all TACACS+ communication is encrypted.

Prevalence

TACACS and XTACACS are rarely used. The TACACS+ protocol is much better known. TACACS+ is an authentication protocol based on TACACS that Cisco Systems functionally expanded and redefined; it is a completely new protocol and therefore not compatible with TACACS or XTACACS. The extensions include a broader selection of authentication methods, the possibility of defining variable authorization schemes for users, and extended logging options. TACACS+ is sometimes also referred to as tac_plus or T+ and is not backwards compatible with other TACACS versions.

Applications of TACACS+

In typical Cisco network environments (e.g. routers, switches), TACACS+ is used for central user management for network administrators and operators, who connect to the network devices, e.g. via Telnet or SSH, to configure them or to run queries.

TACACS+ is not used only in Cisco products. Other manufacturers have also begun to adopt the protocol because TACACS+ is very widespread in carrier and provider networks (e.g. devices from the Chinese manufacturer Huawei or the French manufacturer OneAccess). In addition, TACACS+ offers scalable authorization schemes with which user permissions can be defined very precisely.
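The two TACACS+ properties this article mentions, the encrypted TCP transport (introduction) and the fine-grained authorization schemes (this section), are both visible at the wire level. The following is an added example written for this page, not code from the article or from Cisco; it follows the packet layout published by the IETF in RFC 8907. The 12-byte header travels in cleartext; only the body is obfuscated, by XOR with an MD5 keystream derived from the session id, the shared secret, the version and the sequence number. Authorization requests carry the decision inputs as attribute-value pairs such as `service=shell`, `cmd=show`, `cmd-arg=running-config`, which is what lets a server permit or deny individual commands per user. The shared secret, user and addresses below are constructed sample values, and the check that rejects the "unencrypted" header flag is the one a server operator would want, since RFC 8907 deprecates cleartext bodies.

```python
"""TACACS+ framing, body obfuscation and authorization-request encoding.

Added example (RFC 8907 layout); not from the Wikipedia article or from Cisco.
All keys, users and addresses are constructed sample values.
"""
import hashlib
import struct

HEADER_LEN = 12
TAC_PLUS_UNENCRYPTED_FLAG = 0x01          # body is cleartext; deprecated by RFC 8907
TAC_PLUS_AUTHEN, TAC_PLUS_AUTHOR, TAC_PLUS_ACCT = 1, 2, 3
TAC_PLUS_AUTHEN_METH_TACACSPLUS = 0x06
TAC_PLUS_AUTHEN_TYPE_ASCII = 0x01
TAC_PLUS_AUTHEN_SVC_LOGIN = 0x01
DEFAULT_VERSION = 0xC0                    # major version 0xC, minor version 0


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """Keystream from RFC 8907 section 4.5: MD5_1 = MD5(session_id, key, version, seq_no),
    MD5_n = MD5(session_id, key, version, seq_no, MD5_(n-1)); concatenate and truncate."""
    prefix = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(prefix + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body: bytes, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """XOR the body with the pseudo-pad; the same call also de-obfuscates."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_packet(ptype: int, seq_no: int, session_id: int, body: bytes, key: bytes,
                 version: int = DEFAULT_VERSION) -> bytes:
    """Cleartext header (version, type, seq_no, flags, session_id, length) + obfuscated body."""
    header = struct.pack("!BBBBII", version, ptype, seq_no, 0, session_id, len(body))
    return header + obfuscate(body, session_id, key, version, seq_no)


def parse_packet(packet: bytes, key: bytes):
    """Return (header dict, de-obfuscated body). Rejects truncated or cleartext packets."""
    if len(packet) < HEADER_LEN:
        raise ValueError("short header")
    version, ptype, seq_no, flags, session_id, length = struct.unpack("!BBBBII", packet[:HEADER_LEN])
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        raise ValueError("TAC_PLUS_UNENCRYPTED_FLAG set: refusing cleartext body")
    body = packet[HEADER_LEN:HEADER_LEN + length]
    if len(body) != length:
        raise ValueError("truncated body")
    header = {"version": version, "type": ptype, "seq_no": seq_no,
              "flags": flags, "session_id": session_id, "length": length}
    return header, obfuscate(body, session_id, key, version, seq_no)


def build_author_request(user: str, port: str, rem_addr: str, args, priv_lvl: int = 15) -> bytes:
    """Authorization REQUEST body (RFC 8907 section 6.1): fixed fields, arg lengths,
    then user, port, rem_addr and the attribute-value arguments."""
    user_b, port_b, rem_b = user.encode(), port.encode(), rem_addr.encode()
    arg_bs = [a.encode() for a in args]
    fixed = bytes([TAC_PLUS_AUTHEN_METH_TACACSPLUS, priv_lvl, TAC_PLUS_AUTHEN_TYPE_ASCII,
                   TAC_PLUS_AUTHEN_SVC_LOGIN, len(user_b), len(port_b), len(rem_b), len(arg_bs)])
    return fixed + bytes(len(a) for a in arg_bs) + user_b + port_b + rem_b + b"".join(arg_bs)


def parse_author_request(body: bytes) -> dict:
    """Decode an authorization REQUEST body into its fields and attribute-value pairs."""
    _meth, priv_lvl, _atype, _svc, ulen, plen, rlen, argc = struct.unpack("!8B", body[:8])
    off = 8
    arg_lens = list(body[off:off + argc]); off += argc
    user = body[off:off + ulen].decode(); off += ulen
    port = body[off:off + plen].decode(); off += plen
    rem_addr = body[off:off + rlen].decode(); off += rlen
    args = []
    for n in arg_lens:
        args.append(body[off:off + n].decode()); off += n
    if off != len(body):
        raise ValueError("trailing bytes in authorization request")
    return {"user": user, "port": port, "rem_addr": rem_addr, "priv_lvl": priv_lvl, "args": args}


if __name__ == "__main__":
    key = b"constructed-shared-secret"          # constructed sample secret
    body = build_author_request("alice", "tty1", "192.0.2.55",
                                ["service=shell", "cmd=show", "cmd-arg=running-config"])
    pkt = build_packet(TAC_PLUS_AUTHOR, 1, 0x1234ABCD, body, key)
    hdr, plain = parse_packet(pkt, key)
    print(hdr)
    print(parse_author_request(plain))
```

Because the keystream is keyed only by the shared secret and header fields, anyone holding the secret can read every body on the wire; the obfuscation protects nothing against a party who already has the key, and a wrong key simply yields garbage rather than an authentication failure, which is why a server validates the decoded body structure as `parse_author_request` does.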

Further development

Because the IETF, with the participation of Cisco Systems, has extended standardization to RADIUS (2000, IETF RFC 2869) and DIAMETER (2005, IETF RFC 4004), especially with additional features for mobile users, the importance of TACACS will continue to decrease, especially in heterogeneous networks.

DIAMETER also eliminates the weakness of RADIUS, compared with TACACS+, in encryption. DIAMETER is backwards compatible with RADIUS, but not compatible with TACACS+.
