Radius vs Tacacs+
Brian Julin
BJulin at clarku.edu
Mon May 20 21:59:29 CEST 2013
> Roberto Carna wrote:
> Sent: Monday, May 20, 2013 3:43 PM
> To: FreeRadius users mailing list
> Subject: Radius vs Tacacs+
>
> Dear, my chief ask me to choose between Tacacs+ and Radius for switches
> and Linux SSH user authentication.
This depends primarily on your cryptographic needs, and secondarily on
your needs for a consolidated AAA environment.
While there are options to provide stronger cryptography for RADIUS,
those options are not generally implemented by vendors in switch RADIUS clients.
If you are passing your AAA sessions over networks which may leak data,
the basic RADIUS secret may not offer the level of protection you need.
However, if you feel secure that your control plane is protected, you may
want to consider RADIUS as it has better cross-vendor compatibility and
also because it can integrate multiple AAA scenarios quite easily, centralizing
your AAA services in one place without as much time invested for integration
between systems.
More information about the Freeradius-Users
mailing list