Terminal Access Controller Access Control System (TACACS)+ provides basically the
same functionality as RADIUS and uses the same type of components: modem
pool, access server, and TACACS+ server. TACACS+ is a Cisco proprietary protocol
and has a few extras that are not included in RADIUS. As stated earlier, RADIUS encrypts
only the user's password when an access request is passed between the
RADIUS client and server. TACACS+ encrypts all the negotiation data being passed
back and forth, which provides a higher level of security. TACACS+ also splits up
the authentication, authorization, and auditing functionality, which RADIUS does
not. This gives the administrator more flexibility in being able to decide which
functionality she actually wants to use. It also allows another mechanism to provide
the authentication, as in a Kerberos KDC, and the TACACS+ would still provide the
authorization piece. Because the authentication and authorization pieces are split
up, the administrator can also configure individual user profiles. So when Kandi dials
into the company's network, she would have a different profile, or environment,
with different access rights than Keith would when he dials in.
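
The difference in what each protocol protects on the wire, as an added example that is not part of the original post: it applies the User-Password hiding from RFC 2865 and the body obfuscation from RFC 8907 to the same login. The shared secret, user name, password, authenticator, session id and the simplified TACACS+ body layout are constructed sample values.

```python
import hashlib
import struct

def md5_of(*parts: bytes) -> bytes:
    return hashlib.md5(b"".join(parts)).digest()

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def radius_hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: hide the User-Password value, 16 bytes at a time."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = xor_bytes(padded[i:i + 16], md5_of(secret, prev))
        out += prev
    return out

def tacacs_obfuscate(body: bytes, key: bytes, session_id: int,
                     version: int, seq_no: int) -> bytes:
    """RFC 8907 data obfuscation: XOR the whole body with a chained MD5 pad.
    The operation is its own inverse; the 12-byte header stays in clear."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < len(body):
        block = md5_of(seed, block)
        pad += block
    return xor_bytes(body, pad)

def demo():
    secret = b"constructed-shared-secret"      # constructed sample values
    user, password = b"kandi", b"s3cret"
    authenticator = bytes(range(16))           # constructed Request Authenticator
    hidden = radius_hide_password(password, secret, authenticator)
    # RADIUS attributes as type, length, value: User-Name (1), User-Password (2)
    radius_attrs = (bytes([1, 2 + len(user)]) + user +
                    bytes([2, 2 + len(hidden)]) + hidden)
    # Simplified stand-in for a TACACS+ body, not the real field layout
    body = b"user=" + user + b";pass=" + password
    wire = tacacs_obfuscate(body, secret, 0x1234ABCD, 0xC0, 1)
    return radius_attrs, hidden, body, wire

if __name__ == "__main__":
    attrs, hidden, body, wire = demo()
    print("RADIUS attributes :", attrs)   # user name readable, password hidden
    print("TACACS+ body      :", wire)    # nothing readable
```

RFC 8907 calls this mechanism obfuscation rather than encryption, since it rests on MD5 and a shared key.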