[c-nsp] TACACS vs RADIUS
Phil Bedard
philxor at gmail.com
Mon Feb 27 17:54:20 EST 2012
On Cisco you will lose command authorization, if that is something you are using today. Other vendors like J and A allow you to define local templates and pass a VSA to the router specifying the users' template as opposed to having to authorize every single command on the server.
Phil
On Feb 27, 2012, at 3:49 PM, "Jason 'XenoPhage' Frisvold" <xenophage at godshell.com> wrote:
> Hi there,
>
> I'm contemplating switching from TACACS to RADIUS for admin
> authentication on switches and routers. In part this is so I can
> reduce the number of services that have to be maintained, and part has
> to do with integration with our existing authentication system.
>
> Can someone comment on whether RADIUS is a viable replacement for
> TACACS? Will I end up missing some major feature of TACACS? Will
> using RADIUS end up reducing security?
>
> Thanks,
>
> --
> ---------------------------
> Jason 'XenoPhage' Frisvold
> xenophage at godshell.com
> ---------------------------
>
> "Any sufficiently advanced magic is indistinguishable from technology."
> - Niven's Inverse of Clarke's Third Law