TACACS vs TACACS+

Still pretty early in the book, but I would like to make sure I have things straight. From my understanding, the following is true. Please correct if wrong.

TACACS is Cisco's version of a RADIUS server. It is better because it encrypts the entire authentication rather than just the password. TACACS+ is an updated version of TACACS that also supports Kerberos, so that it can authenticate with Active Directory.

I think that is what I am reading, but it isn't laid out as clearly as I had hoped.

Thanks

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

kalebksp

TACACS is an old open protocol. TACACS+ was developed by Cisco.

TACACS - Wikipedia, the free encyclopedia

Devilsbane

kalebksp wrote: »

TACACS is an old open protocol. TACACS+ was developed by Cisco.

TACACS - Wikipedia, the free encyclopedia

Thanks for this.

Don't know if it will really help me on the test, but it does help me wrap my head around the technology. Plus it will keep me from saying stupid stuff that lets everyone know that I'm a noob.

Other than that, is my understanding correct?

Computadora

Also If my memory is correct TACACS and TACACS+ are not compatible with each other even though the names sound similar. Also I remember reading something about TACACS vulnerability is integrity and is suspect to replay attacks and spoofing. This is just by memory though let me know if any of this is wrong guys.

Devilsbane

xSequentialx wrote: »

RADIUS encrypts only the password. TACAS+ encrypts the entire session. TACAS+ more reliable TCP. RADIUS UDP. RADIUS combines authentication and authorisation. TACAS+ splits. TACAS+ can interact with a Active Directory environment and use Kerberos.

I thought I read that TACACS uses both TCP and UDP port 49. I could be mistaken though.

miller811

From Amazon.com: Network Security Bible (9780470502495): Eric Cole: Books

A TACACS - enabled network device prompts the remote user for a username and STATIC password. TACACS does not support prompting for a password change or for the use of dynamic password tokens.

TACACS+ provides for dynamic passwords, two-factor authentication and improved audit functions.