OAM - TACACS Plus Authentication

Terminal Access Controller Access-Control System (TACACS) refers to a family of related protocols handling remote authentication and related services for network access control through a centralized server. TACACS Plus (TACACS+) has largely replaced its predecessors and is a separate protocol that handles authentication, authorization, and accounting (AAA) services. 

The SBC Core supports the TACACS+ protocol to allow the authentication of username/password information when logging into the SBC CLI or to access the Confd database using NETCONF. The SBC uses TCP/IP to communicate with the TACACS+ server.  

• TACACS+ is similar to RADIUS in a number of ways.  Both are relatively insecure by today's cryptography standards since the TLS transport is not supported.
• TACACS+ uses TCP for reliable communication, whereas RADIUS uses UDP.
• TACACS+ separates out the Authorization functionality, while RADIUS combines both Authentication and Authorization functionality.

(The TACACS+ protocol is specified in RFC 8907 "The Terminal Access Controller Access-Control System Plus (TACACS+) Protocol")

TACACS+ includes the following configurations:

• TACACS Plus Retry Criteria
• TACACS Plus Group Names
• TACACS Plus Server
• TACACS Plus Status