Tacacs+ Authentication; Enabling/Disabling Tacacs - Safran SecureSync 2400 User Manual

Hide thumbs Also See for SecureSync 2400:

Table of Contents

4.3 Managing Users and Security

TACACS+ Authentication

Terminal Access Controller Access-Control System Plus (TACACS+) is a protocol

that handles authentication, authorization, and accounting (AAA) services.

SecureSync supports pam_ tacplus, allowing users to validate their user-

name/password when logging into SecureSync via a TACACS+ server. Currently,

http/https/ssh/telnet/ftp protocols are supported, i.e. you can login to a

SecureSync unit using TACACS+ authentication via applications using any of

these protocols.

E x a m p l e :

A user with the username

SecureSync unit, if on that unit a local user account with the username

However, once the user deleted the local

Sources of general reference information on TACACS+:

To enable or disable the use of TACACS+ authentication on a SecureSync unit:

Your TACACS+ files will need to have either a pap or global

user attribute. SecureSync does not authenticate tacacs.conf files

with the default login user attribute.

In order to utilize TACACS+ authentication, the account

username on the TACACS+ server must NOT be used with a local

user account.

https://en.wikipedia.org/wiki/TACACS

http://www.cisco.com/c/en/us/support/docs/security-vpn/remote-

authentication-dial-user-service-radius/13838-10.html

https://github.com/jeroennijhof/pam_tacplus

"RADIUS Authentication" on page 290

on the TACACS+ server will not be able to login to a

account, she will be able to login with

SecureSync 2400 User Manual Rev. 5.2