Using The Encryption Key; General Operation - HP 3500yl Series Access Security Manual

TACACS+ Authentication
How Authentication Operates
Note
5-26
If the username/password pair entered at the requesting terminal does
■
not match either username/password pair previously configured
locally in the switch, access is denied. In this case, the terminal is
again prompted to enter a username/password pair. In the default
configuration, the switch allows up to three attempts. If the requesting
terminal exhausts the attempt limit without a successful authentica-
tion, the login session is terminated and the operator at the requesting
terminal must initiate a new session before trying again.
The switch's menu allows you to configure only the local Operator and
Manager passwords, and not any usernames. In this case, all prompts for local
authentication will request only a local password. However, if you use the CLI
or the WebAgent to configure usernames for local access, you will see a
prompt for both a local username and a local password during local authen-
tication.

Using the Encryption Key

General Operation

When used, the encryption key (sometimes termed "key", "secret key", or
"secret") helps to prevent unauthorized intruders on the network from reading
username and password information in TACACS+ packets moving between
the switch and a TACACS+ server. At the TACACS+ server, a key may include
both of the following:
■ Global key: A general key assignment in the TACACS+ server appli-
cation that applies to all TACACS-aware devices for which an indi-
vidual key has not been configured.
Server-Specific key: A unique key assignment in the TACACS+
■
server application that applies to a specific TACACS-aware device.