Vyatta Network OS Documentation

Learn how to install, configure and operate the Vyatta NOS, which helps drive our virtual networking & physical platforms portfolio.

TACACS+ authentication

This section presents the following topics:

TACACS+ is a distributed access control system for routers that provides authentication, authorization, and accounting.

To configure TACACS+, you specify the location of the TACACS+ server and specify the secret to be used to authenticate the user on the server. A TACACS+ secret is specified in plain text and stored in plain text on the system and is used as part of a cryptographic operation for transferring authentication information securely over the network. A TACACS+ secret must not contain spaces and is case sensitive.

Where TACACS+ authentication is used, some delay can be expected as the TACACS+ server is queried; the amount of delay depends on the cumulative timeout values configured for all TACACS+ servers.

Unlike RADIUS, TACACS+ authentication does not require prior authentication in the login database of the vRouter. A TACACS+ server can be used either as the only authentication server or as a supplement to the vRouter, providing password authentication.