[tac_plus] How does the TACACS+ server know which authentication mechanism (PAP, CHAP, etc) to use?
heasley
heas at shrubbery.net
Thu Jul 11 14:55:23 UTC 2013
Thu, Jul 11, 2013 at 07:46:13PM +0530, Sachin.6.Gupta:
> Hi All,
>
> Its a pretty basic question answer to which i am not able to figure out yet.
>
> Hope some one could shed some light here.
>
> TACACS+ Server gives option of User Authentication by following methods: 1. ASCII 2. PAP 3. CHAP 4. MSCHAP 5. ARAP
>
> But how does the server know which one to use to authenticate?
>
> Went through the RFC and it seems that the AUTH Packet has a Authen_type field which decides this.
>
> Then i guess some configuration has to be done on the devices to enable either of these. But i failed to find any specific configuration commands to enable either of these.
correct.
authen_type
The type of authentication that is being performed. Legal values are:
TAC_PLUS_AUTHEN_TYPE_ASCII := 0x01
TAC_PLUS_AUTHEN_TYPE_PAP := 0x02
TAC_PLUS_AUTHEN_TYPE_CHAP := 0x03
TAC_PLUS_AUTHEN_TYPE_ARAP := 0x04
TAC_PLUS_AUTHEN_TYPE_MSCHAP := 0x05
More information about the tac_plus
mailing list