ken@hpsdlz.sdd.hp.com (Ken Stone) (07/22/90)
A couple of questions wrt tacacs support ...

* What happens if a tacacs server can't be found? Can I still get in somehow? How about on the console?
* Is there an RFC on the protocol?
* Can tacacs be used for the "enable-password" in any way?

Thanks!!

-- Ken

BILLW@mathom.cisco.com (WilliamChops Westfield) (07/22/90)
* What happens if a tacacs server can't be found? Can I still get in somehow? How about on the console?

If you don't define a tacacs server, you can always get in. This is sort of a way to get usernames on the terminal server without having to implement a tacacs server. If all of the tacacs servers are dead, you don't get in, even on the console. The next release will have this configurable; you can have it either request the "enable" password (console password or enable password), or simply succeed.

* Is there an RFC on the protocol?

No. Not a published one anyway. It is the "standard" TACACS protocol used by the MilNet/ARPANet TACS, but the standard has not been published (not even as an RFC), and I think cisco is about the only one using it. The tacacs server code we supply is about the best documentation you can get. 8.2 extends the protocol quite a bit, getting you some extra capabilities - this spec might get published by cisco.

* Can tacacs be used for the "enable-password" in any way?

This is one of the features you get in 8.2 using the "extended" TACACS features. There is no way to do this in any currently shipping software.

Bill Westfield
cisco Systems.