Installation and Getting Started Guide
When TACACS+ authentication takes place, the following events occur:
A user attempts to gain access to the HP device by doing one of the following:
Logging into the device using Telnet, SSH, or the Web management interface
Entering the Privileged EXEC level or CONFIG level of the CLI
The user is prompted for a username.
The user enters a username.
The HP device obtains a password prompt from a TACACS+ server.
The user is prompted for a password.
The user enters a password.
The HP device sends the password to the TACACS+ server.
The password is validated in the TACACS+ server's database.
If the password is valid, the user is authenticated.
HP devices support two kinds of TACACS+ authorization:
Exec authorization determines a user's privilege level when they are authenticated.
Command authorization consults a TACACS+ server to get authorization for commands entered by the user.
When TACACS+ exec authorization takes place, the following events occur:
A user logs into the HP device using Telnet, SSH, or the Web management interface.
The user is authenticated.
The HP device consults the TACACS+ server to determine the privilege level of the user.
The TACACS+ server sends back a response containing an A-V (Attribute-Value) pair with the privilege level of the user.
The user is granted the specified privilege level.
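Added example, not taken from the HP guide: a Python sketch of how a client could pull the privilege level out of the exec authorization response described above, granting nothing unless the reply is well formed and carries a pass status. It assumes the authorization reply layout and the `priv-lvl` attribute name from RFC 8907 and a body that has already been de-obfuscated; the attribute an HP device actually expects is not stated here, and the function names are this example's own.

```python
import struct

# Status codes of an authorization REPLY body (RFC 8907, section 6.2).
PASS_ADD, PASS_REPL, FAIL, ERROR = 0x01, 0x02, 0x10, 0x11


def parse_author_reply(body: bytes):
    """Return (status, [args]) from a de-obfuscated authorization REPLY body."""
    if len(body) < 6:
        raise ValueError("body shorter than fixed header")
    status, arg_cnt, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    arg_lens = body[6:6 + arg_cnt]
    expected = 6 + arg_cnt + msg_len + data_len + sum(arg_lens)
    if len(arg_lens) != arg_cnt or len(body) != expected:
        raise ValueError("length fields do not match body size")
    pos = 6 + arg_cnt + msg_len + data_len  # skip server_msg and data
    args = []
    for n in arg_lens:
        args.append(body[pos:pos + n].decode("ascii"))
        pos += n
    return status, args


def granted_privilege(body: bytes, attr: str = "priv-lvl"):
    """Privilege level carried by the reply, or None. Fails closed."""
    try:
        status, args = parse_author_reply(body)
    except ValueError:  # malformed lengths or non-ASCII argument
        return None
    if status not in (PASS_ADD, PASS_REPL):
        return None
    for arg in args:
        # '=' marks a mandatory A-V pair, '*' an optional one.
        for sep in "=*":
            name, found, value = arg.partition(sep)
            if found and name == attr and value.isdigit() and int(value) <= 15:
                return int(value)
    return None


def build_reply(status: int, args: list) -> bytes:
    """Constructed sample data: encode a reply body for trying the parser."""
    enc = [a.encode("ascii") for a in args]
    header = struct.pack("!BBHH", status, len(enc), 0, 0)
    return header + bytes(map(len, enc)) + b"".join(enc)
```

A reply with a fail or error status, inconsistent length fields, or an out-of-range value yields `None`, so the caller should treat `None` as "no privilege granted" rather than falling back to a default level.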
When TACACS+ command authorization takes place, the following events occur:
A Telnet, SSH, or Web management interface user previously authenticated by a TACACS+ server enters a command on the HP device.
The HP device looks at its configuration to see if the command is at a privilege level that requires TACACS+
If the command belongs to a privilege level that requires authorization, the HP device consults the TACACS+ server to see if the user is authorized to use the command.
If the user is authorized to use the command, the command is executed.
TACACS+ accounting works as follows:
One of the following events occurs on the HP device:
A user logs into the management interface using Telnet or SSH
A user enters a command for which accounting has been configured
A system event occurs, such as a reboot or reloading of the configuration file
The HP device checks its configuration to see if the event is one for which TACACS+ accounting is required.