TACACS vs TACACS+

Devilsbane Member Posts: 4,214
Still pretty early in the book, but I would like to make sure I have things straight. From my understanding, the following is true. Please correct if wrong.

TACACS is Cisco's version of a RADIUS server. It is better because it encrypts the entire authentication rather than just the password. TACACS+ is an updated version of TACACS that also supports Kerberos, so that it can authenticate with Active Directory.

I think that is what I am reading, but it isn't laid out as clearly as I had hoped.

Thanks
Decide what to be and go be it.

Comments

  • kalebksp Member Posts: 1,033
    TACACS is an old open protocol. TACACS+ was developed by Cisco.

    TACACS - Wikipedia, the free encyclopedia
  • Devilsbane Member Posts: 4,214
    kalebksp wrote: »
    TACACS is an old open protocol. TACACS+ was developed by Cisco.

    TACACS - Wikipedia, the free encyclopedia

    Thanks for this.

    Don't know if it will really help me on the test, but it does help me wrap my head around the technology. Plus it will keep me from saying stupid stuff that lets everyone know that I'm a noob.

    Other than that, is my understanding correct?
    Decide what to be and go be it.
  • Computadora Member Posts: 69
    Also, if my memory is correct, TACACS and TACACS+ are not compatible with each other even though the names sound similar. Also, I remember reading something about TACACS's vulnerability being integrity, and that it is susceptible to replay attacks and spoofing. This is just from memory, though; let me know if any of this is wrong, guys.
  • phoeneous Member Posts: 2,333
    On a side note, TACACS+ is most awesome because you don't have to create 50 million VPN user accounts.
  • Devilsbane Member Posts: 4,214
    RADIUS encrypts only the password. TACACS+ encrypts the entire session. TACACS+ more reliable TCP. RADIUS UDP. RADIUS combines authentication and authorisation. TACACS+ splits. TACACS+ can interact with an Active Directory environment and use Kerberos.

    I thought I read that TACACS uses both TCP and UDP port 49. I could be mistaken though.
    Decide what to be and go be it.
  • miller811 Member Posts: 897
    From Amazon.com: Network Security Bible (9780470502495): Eric Cole: Books

    A TACACS-enabled network device prompts the remote user for a username and STATIC password. TACACS does not support prompting for a password change or for the use of dynamic password tokens.

    TACACS+ provides for dynamic passwords, two-factor authentication and improved audit functions.
    I don't claim to be an expert, but I sure would like to become one someday.

    Quest for 11K pages read in 2011
    Page Count total to date - 1283
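
The thread compares what RADIUS and TACACS+ protect on the wire. The sketch below is an added example, not code from any poster or vendor: it implements the RADIUS User-Password hiding from RFC 2865 and the TACACS+ body obfuscation from RFC 8907, then checks which fields stay readable. The secret, user name, password, session ID and the simplified TACACS+ body are constructed sample values.

```python
import hashlib
import struct

def radius_hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 sec. 5.2: hide the User-Password attribute value only."""
    padded = password + b"\x00" * (-len(password) % 16)   # pad to 16-byte blocks
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()          # b_i = MD5(secret + c_(i-1))
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out += prev
    return out

def tacacs_plus_obfuscate(body: bytes, key: bytes, session_id: int,
                          version: int, seq_no: int) -> bytes:
    """RFC 8907 sec. 4.5: XOR the whole packet body with an MD5 pseudo-pad.
    Applying it twice with the same inputs returns the original body."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < len(body):
        prev = hashlib.md5(seed + prev).digest()           # MD5_n chains MD5_(n-1)
        pad += prev
    return bytes(b ^ k for b, k in zip(body, pad))

def demo() -> dict:
    # All values below are constructed sample data.
    secret, user, pw = b"constructed-secret", b"alice", b"constructed-pw"
    authenticator = bytes(range(16))
    hidden = radius_hide_password(pw, secret, authenticator)
    # RADIUS attributes as type, length, value: User-Name (1) then User-Password (2).
    radius_attrs = (bytes([1, 2 + len(user)]) + user +
                    bytes([2, 2 + len(hidden)]) + hidden)
    # Simplified stand-in for a TACACS+ body, not the real field layout.
    tac_body = b"user=" + user + b" data=" + pw
    tac_wire = tacacs_plus_obfuscate(tac_body, secret, 0x1234ABCD, 0xC0, 1)
    return {
        "radius_user_visible": user in radius_attrs,
        "radius_password_visible": pw in radius_attrs,
        "tacacs_user_visible": user in tac_wire,
        "tacacs_roundtrip": tacacs_plus_obfuscate(tac_wire, secret, 0x1234ABCD, 0xC0, 1) == tac_body,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The TACACS+ packet header (version, sequence number, session ID) is sent in the clear in both cases; only the body is covered by the pad.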