TACACS

The Terminal Access Controller Access Control System (TACACS) is a communication protocol for AAA (authentication, authorization, and accounting). Some versions are standardized by the IETF; other versions (for example, Cisco Systems' TACACS+) are widely used without such standardization. It is used for client-server communication between AAA servers and a Network Access Server (NAS). TACACS servers provide a centralized authentication instance for users who wish to establish an IP connection with a NAS in an intranet or over the Internet.

TACACS was developed in the 1980s by the Defense Data Network for MILNET. It was defined in RFC 1492 in 1993 and uses port 49 (UDP or TCP).

A later version of TACACS is XTACACS (eXtended TACACS). Both versions were replaced by TACACS Plus (TACACS+, 1995), RADIUS (IETF RFC 4004, 2005) and Diameter (2003, IETF RFC 3539). In contrast to the UDP-based RADIUS protocol, TACACS+ uses connection-oriented TCP on port 49. A further difference from RADIUS is that the entire TACACS+ communication is encrypted.
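The contrast with RADIUS described above can be checked at the packet level. The following Python sketch is an added example, not part of the original article: it follows the TACACS+ packet layout and MD5 pseudo-pad of RFC 8907 (which calls the mechanism body obfuscation and leaves the 12-byte header in clear), and the key, session ID and body are constructed sample values.

```python
import hashlib
import struct

TAC_PLUS_UNENCRYPTED_FLAG = 0x01           # RFC 8907: body is sent in the clear
HEADER = struct.Struct("!BBBBII")          # version, type, seq_no, flags, session_id, length

def parse_header(packet: bytes) -> dict:
    """Decode the 12-byte header, which is never obfuscated."""
    if len(packet) < HEADER.size:
        raise ValueError("shorter than a TACACS+ header")
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack_from(packet)
    if version >> 4 != 0xC:
        raise ValueError("major version is not 0xc")
    if len(packet) - HEADER.size != length:
        raise ValueError("body length does not match header")
    return {"version": version, "type": ptype, "seq_no": seq_no,
            "flags": flags, "session_id": session_id, "length": length}

def pseudo_pad(hdr: dict, key: bytes) -> bytes:
    """MD5 chain over session_id, key, version, seq_no and the previous digest."""
    seed = struct.pack("!I", hdr["session_id"]) + key + bytes([hdr["version"], hdr["seq_no"]])
    pad, digest = b"", b""
    while len(pad) < hdr["length"]:
        digest = hashlib.md5(seed + digest).digest()
        pad += digest
    return pad[:hdr["length"]]

def transform_body(packet: bytes, key: bytes) -> bytes:
    """XOR the body with the pad; the same call obfuscates and de-obfuscates."""
    hdr = parse_header(packet)
    body = packet[HEADER.size:]
    if hdr["flags"] & TAC_PLUS_UNENCRYPTED_FLAG:
        return body
    return bytes(b ^ p for b, p in zip(body, pseudo_pad(hdr, key)))

def build_packet(ptype, seq_no, flags, session_id, body, key) -> bytes:
    """Assemble a packet as a client or server would put it on TCP port 49."""
    header = HEADER.pack(0xC0, ptype, seq_no, flags, session_id, len(body))
    return header + transform_body(header + body, key)

def body_is_cleartext(packet: bytes) -> bool:
    """Audit check: flag sessions that skip body obfuscation."""
    return bool(parse_header(packet)["flags"] & TAC_PLUS_UNENCRYPTED_FLAG)

# Constructed sample values, not taken from any real deployment.
KEY = b"constructed-shared-key"
BODY = b"constructed authentication body: user=netadmin"
PROTECTED = build_packet(0x01, 1, 0x00, 0x1234ABCD, BODY, KEY)
CLEAR = build_packet(0x01, 1, TAC_PLUS_UNENCRYPTED_FLAG, 0x1234ABCD, BODY, KEY)
```

A capture in which `body_is_cleartext` returns true carries its body unprotected even though the session runs over TCP, so the flag is worth checking when auditing device configurations.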

Dissemination

TACACS and XTACACS are hardly used. Much better known is the TACACS+ protocol. TACACS+ is an authentication protocol based on TACACS, which Cisco Systems functionally expanded and redefined compared with TACACS. TACACS+ is a completely new protocol and is therefore not compatible with TACACS or XTACACS. The expansion includes a wider range of authentication methods, the possibility of variable authorization schemes for users, and advanced logging capabilities. TACACS+ is sometimes referred to as tac_plus or T+ and is not backwards compatible with other versions of TACACS.

Applications with TACACS+

In typical Cisco network environments (e.g., routers, switches), TACACS+ is used for centralized user management of network administrators and operators. They connect to the network devices, for example via Telnet or SSH, to configure them or run queries.

TACACS+ is not limited to use in products of its originator, Cisco. Other manufacturers have also begun to use the protocol because TACACS+ is very widely used in carrier and provider networks (e.g., devices of the Chinese manufacturer Huawei or the French manufacturer OneAccess). In addition, TACACS+ offers scalable authorization schemes with which user permissions can be defined very finely.

Further development

As IETF standardization is extended with the involvement of Cisco Systems (2000, IETF RFC 2869) through RADIUS and DIAMETER (2005, IETF RFC 4004), in particular with additional features for mobile users, the importance of TACACS+ will decrease further, especially in heterogeneous networks.

DIAMETER also fixes the weakness of RADIUS compared with TACACS+ in encryption. DIAMETER is backward compatible with RADIUS but is not compatible with TACACS+.
