Authorization in TACACS+

Authorization in TACACS+ takes place through the exchange of two types of messages between the NAS and the TACACS+ server.

The authorization process starts with the NAS sending an authorization REQUEST packet to the TACACS+ server. The REQUEST packet can contain information about the services or privileges that the NAS wants the AAA server to authorize for the client. The server replies with a RESPONSE message. This RESPONSE message can specify any of the following five statuses:

  • FAIL
  • PASS_ADD
  • PASS_REPL
  • ERROR
  • FOLLOW

The FAIL status simply means that the services or privileges the NAS asked the server to authorize for the client are not to be given to the client.

If the status is set to PASS_ADD, arguments specified ...
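The RESPONSE handling described above, as an added example that is not from the book: a strict decoder for the authorization RESPONSE body that fails closed on anything other than the two PASS statuses. The numeric status codes, the body layout and the add/replace handling of arguments are taken from RFC 8907 rather than from this page, and the function names and sample values are hypothetical.

```python
import struct

# Status codes for the authorization RESPONSE body (RFC 8907, section 6.2).
STATUS = {0x01: "PASS_ADD", 0x02: "PASS_REPL", 0x10: "FAIL",
          0x11: "ERROR", 0x21: "FOLLOW"}


def parse_author_response(body: bytes) -> dict:
    """Decode a deobfuscated RESPONSE body: status(1) arg_cnt(1) msg_len(2)
    data_len(2) arg_len[n](1 each) server_msg data arg[n]."""
    if len(body) < 6:
        raise ValueError("body shorter than fixed header")
    status, arg_cnt, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    if status not in STATUS:
        raise ValueError(f"unknown status 0x{status:02x}")
    arg_lens = body[6:6 + arg_cnt]
    expected = 6 + arg_cnt + msg_len + data_len + sum(arg_lens)
    if len(arg_lens) != arg_cnt or len(body) != expected:
        raise ValueError("length fields do not match body size")
    pos = 6 + arg_cnt
    server_msg = body[pos:pos + msg_len]
    pos += msg_len + data_len          # the data field is skipped here
    args = []
    for n in arg_lens:
        args.append(body[pos:pos + n].decode("utf-8"))
        pos += n
    return {"status": STATUS[status],
            "server_msg": server_msg.decode("utf-8", "replace"), "args": args}


def effective_args(request_args, response):
    """Fail closed: only the two PASS statuses yield any authorization."""
    if response["status"] == "PASS_ADD":    # response args added to request args
        return list(request_args) + response["args"]
    if response["status"] == "PASS_REPL":   # response args replace request args
        return list(response["args"])
    return None                             # FAIL, ERROR, FOLLOW: nothing granted


def build_body(status, args, msg=b""):      # helper that constructs sample input
    enc = [a.encode() for a in args]
    return (struct.pack("!BBHH", status, len(enc), len(msg), 0)
            + bytes(len(a) for a in enc) + msg + b"".join(enc))


REQ_ARGS = ["service=shell", "cmd=show"]    # constructed sample request args
PASS_ADD = build_body(0x01, ["priv-lvl=1"])  # constructed sample RESPONSE
FAIL = build_body(0x10, [], b"denied")       # constructed sample RESPONSE
```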
