TACACS vs TACACS+

Devilsbane Posts: 4,212 Member
Still pretty early in the book, but I would like to make sure I have things straight. From my understanding, the following is true. Please correct if wrong.

TACACS is Cisco's version of a RADIUS server. It is better because it encrypts the entire authentication rather than just the password. TACACS+ is an updated version of TACACS that also supports Kerberos, so that it can authenticate with Active Directory.

I think that is what I am reading, but it isn't laid out as clearly as I had hoped.

Thanks
Decide what to be and go be it.

Comments

  • kalebksp Posts: 1,033 Member
    TACACS is an old open protocol. TACACS+ was developed by Cisco.

    TACACS - Wikipedia, the free encyclopedia
  • Devilsbane Posts: 4,212 Member
    kalebksp wrote: »
    TACACS is an old open protocol. TACACS+ was developed by Cisco.

    TACACS - Wikipedia, the free encyclopedia

    Thanks for this.

    Don't know if it will really help me on the test, but it does help me wrap my head around the technology. Plus it will keep me from saying stupid stuff that lets everyone know that I'm a noob.

    Other than that, is my understanding correct?
    Decide what to be and go be it.
  • xSequentialx Posts: 49 Member
    I'm not too familiar with the differences between TACACS and TACACS+, but the info you mentioned sounds to me like the differences between TACACS+ and RADIUS.

    RADIUS encrypts only the password. TACACS+ encrypts the entire session. TACACS+ uses more reliable TCP. RADIUS uses UDP. RADIUS combines authentication and authorisation. TACACS+ splits them. TACACS+ can interact with an Active Directory environment and use Kerberos.
  • Computadora Posts: 69 Member
    Also, if my memory is correct, TACACS and TACACS+ are not compatible with each other even though the names sound similar. Also, I remember reading something about TACACS's vulnerability being integrity, and that it is susceptible to replay attacks and spoofing. This is just from memory though, so let me know if any of this is wrong, guys.
  • phoeneous Go ping yourself... Posts: 2,333 Member
    On a side note, TACACS+ is most awesome because you don't have to create 50 million VPN user accounts.
  • Devilsbane Posts: 4,212 Member
    RADIUS encrypts only the password. TACACS+ encrypts the entire session. TACACS+ uses more reliable TCP. RADIUS uses UDP. RADIUS combines authentication and authorisation. TACACS+ splits them. TACACS+ can interact with an Active Directory environment and use Kerberos.

    I thought I read that TACACS uses both TCP and UDP port 49. I could be mistaken though.
    Decide what to be and go be it.
  • miller811 Posts: 897 Member
    From Amazon.com: Network Security Bible (9780470502495): Eric Cole: Books

    A TACACS-enabled network device prompts the remote user for a username and STATIC password. TACACS does not support prompting for a password change or for the use of dynamic password tokens.

    TACACS+ provides for dynamic passwords, two-factor authentication and improved audit functions.
    I don't claim to be an expert, but I sure would like to become one someday.

    Quest for 11K pages read in 2011
    Page Count total to date - 1283
  • xSequentialx Posts: 49 Member
    Devilsbane wrote: »
    I thought I read that TACACS uses both TCP and UDP port 49. I could be mistaken though.

    TACACS uses both TCP and UDP, but TACACS+ uses TCP.
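
The comparison several comments make (RADIUS protects only the password, TACACS+ covers the whole packet body) can be seen in the two protocols' own transforms. This is an added example, not part of the original thread: it implements RFC 2865 User-Password hiding and RFC 8907 body obfuscation. The user name, password, shared secret, authenticator and session ID are constructed sample values.

```python
import hashlib
import struct

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def radius_hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: hide the User-Password value, 16 bytes at a time."""
    padded = (password + b"\x00" * (-len(password) % 16)) or b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def tacacs_plus_obfuscate(body: bytes, key: bytes, session_id: int,
                          version: int, seq_no: int) -> bytes:
    """RFC 8907 section 4.5: XOR the whole body with a chained MD5 pad.
    The operation is its own inverse."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < len(body):
        block = hashlib.md5(seed + block).digest()
        pad += block
    return _xor(body, pad)

def radius_attr(attr_type: int, value: bytes) -> bytes:
    """One RADIUS attribute: type, length (including the 2-byte header), value."""
    return bytes([attr_type, len(value) + 2]) + value

# Constructed sample values, not taken from the thread.
USER, PASSWORD, SECRET = b"alice", b"correct-horse", b"shared-secret"
AUTHENTICATOR = bytes(range(16))   # RADIUS Request Authenticator (normally random)
SESSION_ID = 0x1234ABCD            # TACACS+ session_id (normally random)

def radius_attributes() -> bytes:
    # User-Name (type 1) travels in clear; only User-Password (type 2) is hidden.
    return radius_attr(1, USER) + radius_attr(
        2, radius_hide_password(PASSWORD, SECRET, AUTHENTICATOR))

def tacacs_plus_start_body() -> bytes:
    # Authentication START: LOGIN action, priv_lvl 1, PAP, LOGIN service,
    # then user/port/rem_addr/data lengths and the fields (PAP password in data).
    return bytes([1, 1, 2, 1, len(USER), 0, 0, len(PASSWORD)]) + USER + PASSWORD

if __name__ == "__main__":
    wire = tacacs_plus_obfuscate(tacacs_plus_start_body(), SECRET, SESSION_ID, 0xC1, 1)
    print("RADIUS attributes :", radius_attributes().hex())
    print("TACACS+ body      :", wire.hex())
```

Both transforms are MD5-based XOR pads keyed by the shared secret; RFC 8907 itself describes the TACACS+ one as obfuscation rather than encryption.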