[tac_plus] How does the TACACS+ server know which authentication mechanism (PAP, CHAP, etc) to use?

heasley heas at shrubbery.net
Thu Jul 11 14:55:23 UTC 2013


Thu, Jul 11, 2013 at 07:46:13PM +0530, Sachin.6.Gupta:
> Hi All,
> 
> Its a pretty basic question answer to which i am not able to figure out yet.
> 
> Hope some one could shed some light here.
> 
> TACACS+ Server gives option of User Authentication by following methods: 1. ASCII 2. PAP 3. CHAP 4. MSCHAP 5. ARAP
> 
> But how does the server know which one to use to authenticate?
> 
> Went through the RFC and it seems that the AUTH Packet has a Authen_type field which decides this.
> 
> Then i guess some configuration has to be done on the devices to enable either of these. But i failed to find any specific configuration commands to enable either of these.

correct.

authen_type

   The type of authentication that is being performed. Legal values are:

   TAC_PLUS_AUTHEN_TYPE_ASCII      := 0x01

   TAC_PLUS_AUTHEN_TYPE_PAP        := 0x02

   TAC_PLUS_AUTHEN_TYPE_CHAP       := 0x03

   TAC_PLUS_AUTHEN_TYPE_ARAP       := 0x04

   TAC_PLUS_AUTHEN_TYPE_MSCHAP     := 0x05


More information about the tac_plus mailing list