Hi, With tacacs+ you can certainly use one time passwords for 2 factor authentication such as SecureID. Tacacs+ is great if you need multiple privilege levels on a router. For example you limit commands for Tier I and open them up for Tier II. I'm not sure that Radius can do that. Also the transmission from the device to the Tacacs+ server is encrypted whereas I believe it is in the clear with Radius.
Just some thoughts, Ian www.ccie4u.com Rack Rentals and Lab Scenarios starting at $20 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dom Sent: Friday, June 20, 2003 7:22 AM To: [EMAIL PROTECTED] Subject: OT: RADIUS v TACACS [7:70968] I've just been asked the following by an old friend - "A quick question. If one uses TACACS Do you know what choices are there for handheld One Time Password generators, like RSA, secureID, etc. I am just about to make alternative choices for a replacement of our Vasco RADIUS server and at this time perhaps RSA leads but I would welcome any alternatives. When you say TACACS is better - why would that be true?" I'm a little rusty in this area and was wondering if anyone in this group had any views. I've just been using TACACS for years. As I said, the question comes from an old mate of mine - this is not consultancy work, I'm just trying to help out . TIA, Best regards, Dom Stocqueler SysDom Technologies Visit our website - www.sysdom.org ======================================================================== ======= IMPORTANT: This email is intended for the use of the individual addressee(s)named above and may contain information that is confidential privileged or unsuitable for overly sensitive persons with low self-esteem, no sense of humour or irrational religious beliefs. If you are not the intended recipient, any dissemination, distribution or copying of this email is not authorised (either explicitly or implicitly) and constitutes an irritating social faux pas. Unless the word absquatulation has been used in its correct context somewhere other than in this warning, it does not have any legal or grammatical use and may be ignored. No animals were harmed in the transmission of this email, although the poodle next door is living on borrowed time, let me tell you. Those of you with an overwhelming fear of the unknown will be gratified to learn that there is no hidden message revealed by reading this warning backwards, so just ignore that Alert Notice from Microsoft. However, by pouring a complete circle of salt around yourself and your computer you can ensure that no harm befalls you and your pets. If you have received this email in error, please add some nutmeg and egg whites and place it in a warm oven for 40 minutes. Whisk briefly and let it stand for 2 hours before icing. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71055&t=70968 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
