[7218] in Kerberos
Re: keberos authentication with tacacs ?
daemon@ATHENA.MIT.EDU (John Hawkinson)
Sat May 4 18:16:57 1996
Date: Sat, 4 May 1996 18:08:35 -0400 (EDT)
To: Sam Hartman <hartmans@MIT.EDU>
Cc: john@iastate.edu (John Hascall), kerberos@MIT.EDU
In-Reply-To: "[7217] in Kerberos"
From: John Hawkinson <jhawk@MIT.EDU>
You folks are somewhat confused -- you should not be using TACACS or
extended TACACS if you're concerned about security and are running
relatively recent cisco code.
TACACS+, which arrives in IOS 10.3 and above, supports encrypted
connections between the client (i.e. the terminal server) and the
TACACS+ server.
There are various issues with the security of the encryption key and
storage in your tacacs client, but most people are happy to
conveniently ignore those for the time being.
--jhawk
