[c-nsp] TACACS vs RADIUS

Javier Henderson javier at cisco.com
Tue Feb 28 07:56:24 EST 2012


On Feb 27, 2012, at 8:01 PM, Jason 'XenoPhage' Frisvold wrote:

> On Feb 27, 2012, at 6:44 PM, Javier Henderson wrote:
>> You also lose command accounting.
>> 
>> Another aspect to consider in the TACACS+ vs. RADIUS comparison is that with RADIUS only the password is encrypted, while with TACACS+ the whole payload is encrypted.
> 
> Hrm..  That's concerning..  Though if command accounting is lost, then only authentication packets are passed?  Either way, it sounds like I need to find a way to make TACACS work…

Right, only authentication, and accounting start/stop. No command accounting (i.e., you don't have the ability to keep an audit log of configuration changes, for example). And no command authorization either; as someone else said on this thread, it's all or nothing.

Javier Henderson
javier at cisco.com



