TACACS (Terminal Access Controller Access Control System) is an early protocol that was commonly
found on RAS servers to forward a dial-up user's logon information to an authentication server in encrypted
form.
TACACS does not provide authentication; it encrypts user information before it is forwarded to an authentication server.
In this type of connection, the RAS (Remote Access Server) passes logon information to the RADIUS server for authentication.
Typically the RADIUS server would be located within the corporate network, whereas the RAS would be located outside the firewall, within the semi-private DMZ area.
RADIUS (Remote Authentication Dial Up Service) is used to centralize the authentication of a dial-up connection. The RADIUS server provides authentication for dial-in users using a symmetric key algorithm (private key).
When working with RADIUS it is important to remember that the RAS server (the client) forwards user logon information (from the dial-in user) to the RADIUS server for authentication. Typically this connection would be a VPN (Virtual Private Network), which would offer a higher level of security.
The TACACS+ protocol added authentication and authorization capabilities, similar to those of RADIUS.
The difference is that TACACS+ relies on TCP and RADIUS relies on UDP.
Copyright ©2002-2006 Testbusters.net. All Rights Reserved.