4.4.6 TACACS+ Authentication
Terminal Access Controller Access-Control System Plus (TACACS+) is a protocol
that handles authentication, authorization, and accounting (AAA) services. Ver-
saSync supports pam_ tacplus, allowing users to validate their user-
name/password when logging into VersaSync via a TACACS+ server. Currently,
http/https/ssh/telnet/ftp protocols are supported, i.e. you can login to a Ver-
saSync unit using TACACS+ authentication via applications using any of these
protocols.
Note: Your TACACS+ files will need to have either a pap or global
user attribute. VersaSync does not authenticate tacacs.conf files
with the default login user attribute.
Caution: In order to utilize TACACS+ authentication, the account
username on the TACACS+ server must NOT be used with a local
user account.
E x a m p l e :
A user with the username user3 on the TACACS+ server will not be able to login to a
VersaSync unit, if on that unit a local user account with the username user3 exists.
However, once the user deleted the local user3 account, she will be able to login with
the TACACS+ user3 account.
Sources of general reference information on TACACS+:
https://en.wikipedia.org/wiki/TACACS
http://www.cisco.com/c/en/us/support/docs/security-vpn/remote-
authentication-dial-user-service-radius/13838-10.html
https://github.com/jeroennijhof/pam_tacplus
See also "RADIUS Authentication" on page257
4.4.6.1 Enabling/Disabling TACACS+
To enable or disable the use of TACACS+ authentication on a VersaSync unit:
4.4 Managing Users and Security
CHAPTER 4 • VersaSync User Manual Rev. 12
261
To Next Page
Loading...
