TACACS+ authentication
This section presents the following topics:
- Mapping vRouter user IDs to TACACS+ usernames
- Specifying authentication level in TACACS+
- Restricting access through connection type
- Troubleshooting TACACS+ authentication issues
TACACS+ is a distributed access control system for routers that provides authentication, authorization, and accounting.
To configure TACACS+, you specify the location of the TACACS+ server and the secret to be used to authenticate the user on the server. A TACACS+ secret is specified in plain text and stored in plain text on the system. It is used as part of a cryptographic operation for transferring authentication information securely over the network. A TACACS+ secret must not contain spaces and is case sensitive.
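The following added example (not vRouter code) shows how the shared secret enters the packet-body obfuscation defined for TACACS+ in RFC 8907, and why a secret that differs only in letter case fails to decode the body. The secret, session ID, version byte, sequence number, and body are constructed sample values, and the function names are illustrative.

```python
import hashlib
import struct

# Constructed sample values (not from the page or any real deployment).
SAMPLE_SECRET = "LabSecret"
SAMPLE_SESSION_ID = 0x12345678
SAMPLE_VERSION = 0xC0   # major version 0xC, minor version 0
SAMPLE_SEQ_NO = 1
SAMPLE_BODY = b"constructed authentication body, longer than one 16-byte digest"


def validate_secret(secret: str) -> bytes:
    """Enforce the rule stated above: the secret must not contain spaces."""
    if " " in secret:
        raise ValueError("TACACS+ secret must not contain spaces")
    return secret.encode()


def pseudo_pad(key, session_id, version, seq_no, length):
    """RFC 8907 pad: MD5_1 = MD5(session_id, key, version, seq_no),
    MD5_n = MD5(same fields, MD5_(n-1)), concatenated and truncated."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body, secret, session_id, version, seq_no):
    """XOR the body with the pad; applying it twice restores the body."""
    key = validate_secret(secret)
    pad = pseudo_pad(key, session_id, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


if __name__ == "__main__":
    args = (SAMPLE_SESSION_ID, SAMPLE_VERSION, SAMPLE_SEQ_NO)
    wire = obfuscate(SAMPLE_BODY, SAMPLE_SECRET, *args)
    print("same secret restores body:", obfuscate(wire, SAMPLE_SECRET, *args) == SAMPLE_BODY)
    print("case mismatch restores body:", obfuscate(wire, "labsecret", *args) == SAMPLE_BODY)
```

Because the pad is derived from the exact bytes of the secret, the value configured on the vRouter must match the server's value character for character.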
Where TACACS+ authentication is used, some delay can be expected as the TACACS+ server is queried; the amount of delay depends on the cumulative timeout values configured for all TACACS+ servers.
Unlike RADIUS, TACACS+ authentication does not require prior authentication in the login database of the vRouter. A TACACS+ server can be used either as the only authentication server or as a supplement to the vRouter, providing password authentication.