Installation and Getting Started Guide
TACACS+ Authentication
When TACACS+ authentication takes place, the following events occur:
1. A user attempts to gain access to the HP device by doing one of the following:
   • Logging into the device using Telnet, SSH, or the Web management interface
   • Entering the Privileged EXEC level or CONFIG level of the CLI
2. The user is prompted for a username.
3. The user enters a username.
4. The HP device obtains a password prompt from a TACACS+ server.
5. The user is prompted for a password.
6. The user enters a password.
7. The HP device sends the password to the TACACS+ server.
8. The password is validated in the TACACS+ server's database.
9. If the password is valid, the user is authenticated.
TACACS+ Authorization
HP devices support two kinds of TACACS+ authorization:
• Exec authorization determines a user's privilege level when they are authenticated.
• Command authorization consults a TACACS+ server to get authorization for commands entered by the user.
When TACACS+ exec authorization takes place, the following events occur:
1. A user logs into the HP device using Telnet, SSH, or the Web management interface.
2. The user is authenticated.
3. The HP device consults the TACACS+ server to determine the privilege level of the user.
4. The TACACS+ server sends back a response containing an A-V (Attribute-Value) pair with the privilege level of the user.
5. The user is granted the specified privilege level.
When TACACS+ command authorization takes place, the following events occur:
1. A Telnet, SSH, or Web management interface user previously authenticated by a TACACS+ server enters a command on the HP device.
2. The HP device looks at its configuration to see if the command is at a privilege level that requires TACACS+ command authorization.
3. If the command belongs to a privilege level that requires authorization, the HP device consults the TACACS+ server to see if the user is authorized to use the command.
4. If the user is authorized to use the command, the command is executed.
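On the wire, the authentication, authorization and accounting exchanges are told apart by the type byte of the 12-byte TACACS+ packet header, and a flag in that header marks a body sent without obfuscation, which matters for step 7 of authentication, where the password travels to the server. The following Python is an added example, not part of the HP guide: it decodes the header as defined in RFC 8907 and lists the sessions whose body is cleartext. The function names and the sample packets are constructed for illustration.

```python
import struct

# Header layout and constants per RFC 8907 section 4.1 (not from the HP guide).
TYPES = {0x01: "authentication", 0x02: "authorization", 0x03: "accounting"}
UNENCRYPTED_FLAG = 0x01  # TAC_PLUS_UNENCRYPTED_FLAG: body sent without obfuscation
HEADER_LEN = 12


def parse_header(data: bytes) -> dict:
    """Decode the fixed 12-byte TACACS+ header at the start of data."""
    if len(data) < HEADER_LEN:
        raise ValueError("truncated TACACS+ header")
    version, ptype, seq_no, flags, session_id, length = struct.unpack(
        "!BBBBII", data[:HEADER_LEN])
    if version >> 4 != 0xC:
        raise ValueError("major version nibble is not 0xc")
    if ptype not in TYPES:
        raise ValueError(f"unknown packet type {ptype:#x}")
    return {
        "service": TYPES[ptype],
        "seq_no": seq_no,
        "from_client": seq_no % 2 == 1,  # clients use odd sequence numbers
        "cleartext_body": bool(flags & UNENCRYPTED_FLAG),
        "session_id": session_id,
        "body_length": length,
        "body_complete": len(data) - HEADER_LEN >= length,
    }


def cleartext_sessions(packets):
    """Return (session_id, service) for every packet whose body is unobfuscated."""
    hits = []
    for raw in packets:
        hdr = parse_header(raw)
        if hdr["cleartext_body"]:
            hits.append((hdr["session_id"], hdr["service"]))
    return hits


# Constructed sample packets (header plus dummy body), not captured traffic.
def make_packet(ptype, seq_no, flags, session_id, body=b"\x00" * 8):
    hdr = struct.pack("!BBBBII", 0xC0, ptype, seq_no, flags, session_id, len(body))
    return hdr + body

SAMPLES = [make_packet(0x01, 1, 0x00, 0x1111), make_packet(0x01, 3, 0x01, 0x2222),
           make_packet(0x02, 1, 0x00, 0x3333), make_packet(0x03, 1, 0x01, 0x4444)]

if __name__ == "__main__":
    print(cleartext_sessions(SAMPLES))
```
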
TACACS+ Accounting
TACACS+ accounting works as follows:
1. One of the following events occurs on the HP device:
   • A user logs into the management interface using Telnet or SSH
   • A user enters a command for which accounting has been configured
   • A system event occurs, such as a reboot or reloading of the configuration file
2. The HP device checks its configuration to see if the event is one for which TACACS+ accounting is required.