How Authentication Operates; General Authentication Process Using A Tacacs+ Server - HP ProCurve 6400cl Series Access Security Manual

TACACS+ Authentication

How Authentication Operates

Note
First-Choice
TACACS+ Server
Second-Choice
TACACS+ Server
(Optional)
Third-Choice
TACACS+ Server
(Optional)
Figure 5-6. Using a TACACS+ Server for Authentication
5-20
To delete a per-server encryption key in the switch, re-enter the tacacs-server
host command without the key parameter. For example, if you have
configured as the encryption key for a TACACS+ server with an IP address of
10.28.227.104 and you want to eliminate the key, you would use this command:
ProCurve(config)# tacacs-server host 10.28.227.104
The show tacacs command lists the global encryption key, if configured.
However, to view any configured per-server encryption keys, you must use
or
show config show config running
changes without executing
Configuring the Timeout Period. The timeout period specifies how long
the switch waits for a response to an authentication request from a TACACS+
server before either sending a new request to the next server in the switch's
Server IP Address list or using the local authentication option. For example,
to change the timeout period from 5 seconds (the default) to 3 seconds:
ProCurve(config)# tacacs-server timeout 3

How Authentication Operates

General Authentication Process Using a TACACS+
Server
Authentication through a TACACS+ server operates generally as described
below. For specific operating details, refer to the documentation you received
with your TACACS+ server application.
ProCurve Switch
Configured for
TACACS+ Operation
ProCurve Switch
Configured for
TACACS+ Operation
(if you have made TACACS+ configuration
).
write mem
Term na i l "A
Switch V a Switch's Conso e Port i
A
Term nal " i
Accessing Th s Switch V a Te
north01
" Directly Accessing This
l
B" Remotely
i i lnet
B