TACACS/+ vs RADIUS

yosi199

It is said that TACACS/+ works in a similar manner as the RADIUS server but its becoming an alternative to RADIUS.

What is the major difference between the two?

thanks!

ChrisPEditor

I think it's because TACACS+ uses TCP instead of UDP. A reliability thing.

It probably doesn't hurt that it's a Cisco proprietary deal, either.

Met44

TACACS+ is a Cisco proprietary protocol. It offers more features than RADIUS, which is an open standard. There are a few other important differences: the transport layer protocol used is different, different parts of an access request are encrypted, and authentication and authorization are combined into one step within RADIUS.

See this: TACACS+ and RADIUS Comparison - Cisco Systems

Darril

Met44, Good link.

Just to add a little, TACACS+ is more secure than RADIUS.

They're both used for authentication. RADIUS only encrypts the password while TACACS+ encrypts the entire authentication process. The Packet Encryption paragraph in Met44's link stresses this, but it's a short paragraph that may be overlooked.

This blog entry provides an overview of how RADIUS works in general with a short comparison between the two:
Security Plus: Get Certified Get Ahead: RADIUS

Darril Gibson

yosi199

Thanks people, the links and the explanations helped me understand it better.

chrisone

Does anyone know of any free windows based tacacs+ server software?

Bl8ckr0uter

chrisone wrote: »

Does anyone know of any free windows based tacacs+ server software?

Nope. I don't think there is any. Their are plenty of free radius server software packages out there though.