4.3.5 TACACS+ Authentication
Terminal Access Controller Access-Control System Plus (TACACS+) is a protocol that handles
authentication, authorization, and accounting (AAA) services. NetClock supports pam_tacplus,
allowing users to validate their username/password when logging into NetClock via a
TACACS+ server. Currently, http/https/ssh/telnet/ftp protocols are supported, i.e. you can
login to a NetClock unit using TACACS+ authentication via applications using any of these pro
tocols.
Caution: In order to utilize TACACS+ authentication, the account username on the
TACACS+ server must NOT be used with a local user account.
E x a m p l e :
A user with the username user3 on the TACACS+ server will not be able to login to a NetClock unit,
if on that unit a local user account with the username user3 exists. However, once the user deleted the
local user3 account, she will be able to login with the TACACS+ user3 account.
Sources of general reference information on TACACS+:
https://en.wikipedia.org/wiki/TACACS
http://www.cisco.com/c/en/us/support/docs/security-vpn/remote-
authentication-dial-user-service-radius/13838-10.html
https://github.com/jeroennijhof/pam_tacplus
See also "RADIUS Authentication" on page250
4.3.5.1 Enabling/Disabling TACACS+
To enable or disable the use of TACACS+ authentication on a NetClock unit:
1.
In the Web UI, navigate to MANAGEMENT > OTHER: Authentication.
2.
In the Actions panel on the left, click TACACS+. The TACACS+ Setup window will be
displayed.
3.
Check the box labeled HTTP/HTTPS if you want to enable TACACS+, or uncheck the
box if you want to disable TACACS+.
4.
Click Submit.
4.3.5.2 Adding/Removing a TACACS+ Server
To add a TACACS+ authentication server, or remove a server from the list:
4.3 Managing Users and Security
CHAPTER 4 • NetClock User Reference Guide Rev. 16
253
To Next Page
Loading...
