[7225] in Kerberos


Re: TACACS vs kerberos? Comments?

daemon@ATHENA.MIT.EDU (Russell Fulton)
Sun May 5 22:51:49 1996

To: kerberos@MIT.EDU
Date: 6 May 1996 02:25:08 GMT
From: russell@ccu1.auckland.ac.nz (Russell Fulton)

trier@odin.INS.CWRU.Edu. (Stephen C. Trier) writes:

>On Apr 29,  6:23pm, Trever Furnish wrote:
>> Is TACACS comparable to Kerberos in terms of security?

>No.  TACACS relies on plaintext transmission of the username and
>password to a server and a plaintext success/fail reply from the
>server.  It is subject to sniffing, spoofing, replay, and dictionary
>attacks like any service of its sort.

That is certainly true of the old xtacacs used by Cisco until recently.
Cisco now have a new protocol called tacacs+ (surprise!!) which uses
encrypted sessions for data passed between NAS and server. It also has
support for CHAP and ARAP authentication, access control and accounting.

Cisco has recently announced support for Kerberos although the nature and
extent of the support wasn't clear from the glossy I was reading.

Cheers, Russell.

--
Russell Fulton, Computer Center, University of Auckland, New Zealand.
<r.fulton@auckland.ac.nz>
