tacacs and radius
Chad A. Adlawan writes:
> hello everyone !
> i friend was asking me whether i can help him convert his slackware system to debian (since imthe only debian user in our group and their slak admin jumped ship) from "tacacs" to "radius" ... whatever those are. can someone please help point to me where i
> should look for more info regarding this ?
> also in question is for an ISP billing system, any suggestions?
> TIA,
> Chad
Radius and Tacacs are protocolols for providing authentication and
authorisation over a network. Usually they are used to authentcate a
dialin users name and password when he/she connects dials in to an
access server or router and then authorise the services on that access
server (ie can the user have ip over ppp or ip and ipx or perhaps
dialback as well). You can also use them to creat a virtual dial in
profile for the user which is downloaded to whichever access box they
dial in to (saves ISPs and such like configuring all the users on each
box). They give central control and admin to this process, basically
you configure the deamon on a central (usually Linux or Unix) box and
do minimal config on the dialin routers, just point them at the
daemon.
Radius was developed by Livingston (now Lucent I think) and is pretty
much in the public domain and almost all routers etc support
it. Tacacs or these days Tacacs+ is Cisco Systems proprietry but since
they have such huge market share you still see a lot of it. Cisco
provide source code that will compile on Linux and also sell a
supported Unix and Windows NT version. There are many implementations
of Radius. Which is the best Radius or Tacacs+ depends on your
envioronment, mixed vendor equipment then Radius is best but if you
are an all Cisco site then Tacacs+ has more options for their
equipment.
Hope that clears it up for you.
Pat
Reply to: