Note: Many topics at this site are reduced versions of the text in "The Encyclopedia of Networking and Telecommunications." Search results will not be as extensive as a search of the book's CD-ROM.

TACACS is an authentication scheme that can be used to validate users who are attempting to gain access to information servers, networks, and remote access servers. TACACS was originally developed by the U.S. Department of Defense and BBN Planet Corp. and then further developed by Cisco. There are three versions of the protocol: the original TACACS as just mentioned, XTACACS (Extended TACACS), and TACACS+. The first two versions are discussed in RFC 1492 (An Access Control Protocol, Sometimes Called TACACS, July 1993). TACACS+ is the latest version and should be used whenever TACACS is called for. TACACS is also discussed in RFC 2975 (Introduction to Accounting Management, October 2000). Note that TACACS, in general, is no longer being maintained.

TACACS runs as a distinct third-party authentication server that provides verification services. Basically, it off-loads user authentication to another server. When a user attempts to gain access to a secure system, the secure system first prompts the user for a name and password. The system then passes this information to the TACACS server and requests authentication services. The original TACACS was quite simple, and Cisco extended it to create TACACS+, which is modular in design and supports plug-in authentication, authorization, and accounting schemes. The system supports physical card key devices or token cards, and supports Kerberos secret-key authentication. An alternative to TACACS+ is RADIUS, which is an Internet standard. Refer to "RADIUS (Remote Authentication Dial-In User Service)" for more information.

Copyright (c) 2001 Tom Sheldon and Big Sur Multimedia.
All rights reserved under Pan American and International copyright conventions.