[nsp] TACACS+ server of choice?
John Wong
JohnWong at crimsonlogic.com
Tue Jan 27 21:16:18 EST 2004
I'm not sure if RADIUS is capable of doing EXEC command
accounting but TACACS+ sure can.
Security-wise, RADIUS should be avoided to authenticate
network-devices. If you're concerned about security (and
you should), TACACS+ seems to be the best choice. TACACS+
encrypts the entire packet and is TCP based making it
less likely to be spoofed (like RADIUS UDP packets).
RADIUS is best used for "end-user" device authentication
like for WLAN access, Remote access, etc...
For TACACS+ s/w, SourceForge has it all. For RADIUS, I
use FreeRadius which is a highly configurable & modular
RADIUS server.
Hope this helps.
> -----Original Message-----
> From: Sean Mathias [mailto:seanm at prosolve.com]
> Sent: Wednesday, January 28, 2004 9:55 AM
> To: Ejay Hire; Streiner, Justin; cisco-nsp at puck.nether.net
> Subject: RE: [nsp] TACACS+ server of choice?
>
>
> To state the obvious, RADIUS has the advantage of vendor-neutrality and
> native EAP support. TACACS+ has the advantage of ease of use and full
> encryption of exchanges (rather than just the password in RADIUS). I
> prefer TACACS for the ease of use, but have had problems in the past
> with some devices (even Cisco) only supporting RADIUS.
>
> Sean Mathias
> CCIE #12779
> 206-920-0301
> seanm at prosolve.com
>
>
> -----Original Message-----
> From: Ejay Hire [mailto:ejay.hire at isdn.net]
> Sent: Tuesday, January 27, 2004 5:06 PM
> To: 'Streiner, Justin'; cisco-nsp at puck.nether.net
> Subject: RE: [nsp] TACACS+ server of choice?
>
>
> In a similar vein, I'd like opinions on Tacacs+ versus
> radius for centralized aaa.
>
> -Ejay
>
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net
> > [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
> > Streiner, Justin
> > Sent: Tuesday, January 27, 2004 5:28 PM
> > To: cisco-nsp at puck.nether.net
> > Subject: [nsp] TACACS+ server of choice?
> >
> > For those of you who use TACACS+ authentication on your network devices,
> > which TACACS+ server package are you using? I'm looking to replace an
> > existing TACACS+ server and would rather build it from the ground-up if I
> > can on a unix platform. Aside from Cisco's which is several years old,
> > and a handful of things on sourceforge, I don't see much out there.
> >
> > Any feedback is greatly appreciated.
> >
> > Thanks
> > jms
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
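The difference discussed in this thread (TACACS+ covering the whole packet body, RADIUS only the password), as an added example that is not from the original posts: it builds one login request in each protocol, using the MD5 pad of RFC 8907 section 4.5 and the User-Password hiding of RFC 2865 section 5.2, and checks which fields stay readable on the wire. The user name, password, shared secret, session id and authenticator are constructed sample values.

```python
import hashlib
import struct

def tacacs_obfuscate(body, session_id, key, version, seq_no):
    """XOR the body with the RFC 8907 sec. 4.5 MD5 pseudo-pad (self-inverse)."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < len(body):
        block = hashlib.md5(seed + block).digest()  # MD5_n chains MD5_{n-1}
        pad += block
    return bytes(b ^ p for b, p in zip(body, pad))

def tacacs_pap_start(user, password, session_id, key):
    """Authentication START (PAP login): 12-byte clear header + obfuscated body."""
    version, seq_no = 0xC1, 1  # PAP login uses minor version 1
    # action=LOGIN, priv_lvl=1, authen_type=PAP, service=LOGIN, then field lengths
    body = bytes([1, 1, 2, 1, len(user), 0, 0, len(password)]) + user + password
    header = struct.pack("!BBBBII", version, 1, seq_no, 0, session_id, len(body))
    return header + tacacs_obfuscate(body, session_id, key, version, seq_no)

def radius_hide_password(password, secret, authenticator):
    """User-Password hiding from RFC 2865 sec. 5.2 (16-byte chained blocks)."""
    blocks = max(1, -(-len(password) // 16))  # at least one block, even if empty
    padded = password.ljust(blocks * 16, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        digest = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], digest))
        out += prev
    return out

def radius_access_request(user, password, secret, authenticator, ident=1):
    """Access-Request: User-Name (1) is sent as-is, only User-Password (2) is hidden."""
    hidden = radius_hide_password(password, secret, authenticator)
    attrs = bytes([1, len(user) + 2]) + user + bytes([2, len(hidden) + 2]) + hidden
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

# Constructed sample values, not taken from the thread. A real Request
# Authenticator must be random; a fixed one is used here for repeatability.
USER, PASSWORD, SECRET = b"netadmin", b"Winter2004!", b"constructed-shared-secret"
RADIUS_PKT = radius_access_request(USER, PASSWORD, SECRET, bytes(range(16)))
TACACS_PKT = tacacs_pap_start(USER, PASSWORD, 0x1A2B3C4D, SECRET)

if __name__ == "__main__":
    for name, pkt in (("RADIUS", RADIUS_PKT), ("TACACS+", TACACS_PKT)):
        print(name, "user visible:", USER in pkt, "password visible:", PASSWORD in pkt)
```

Both mechanisms are MD5 pads keyed with the shared secret, and RFC 8907 itself describes the TACACS+ one as obfuscation. The 12-byte TACACS+ header (version, type, sequence number, session id, length) is always sent in the clear.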