Using The Encryption Key - HP ProCurve 2510G Series Manual

TACACS+ Authentication
Configuring TACACS+ on the Switch
Note
Note
4-26
The switch's menu allows you to configure only the local Operator and
Manager passwords, and not any usernames. In this case, all prompts for local
authentication will request only a local password. However, if you use the CLI
or the Web browser interface to configure usernames for local access, you will
see a prompt for both a local username and a local password during local
authentication.

Using the Encryption Key

General Operation
When used, the encryption key (sometimes termed "key", "secret key", or
"secret") helps to prevent unauthorized intruders on the network from reading
username and password information in TACACS+ packets moving between
the switch and a TACACS+ server. At the TACACS+ server, a key may include
both of the following:
■ Global key: A general key assignment in the TACACS+ server appli-
cation that applies to all TACACS-aware devices for which an indi-
vidual key has not been configured.
Server-Specific key: A unique key assignment in the TACACS+
■
server application that applies to a specific TACACS-aware device.
Configure a key in the switch only if the TACACS+ server application has this
exact same key configured for the switch. That is, if the key parameter in
switch "X" does not exactly match the key setting for switch "X" in the
TACACS+ server application, then communication between the switch and
the TACACS+ server will fail.
Thus, on the TACACS+ server side, you have a choice as to how to implement
a key. On the switch side, it is necessary only to enter the key parameter so
that it exactly matches its counterpart in the server. For information on how
to configure a general or individual key in the TACACS+ server, refer to the
documentation you received with the application.