[tac_plus] How does the TACACS+ server know which authentication mechanism (PAP, CHAP, etc) to use?

heasley heas at shrubbery.net
Thu Jul 11 17:10:43 UTC 2013 

Thu, Jul 11, 2013 at 10:21:58PM +0530, Sachin.6.Gupta:
> I agree. Saw the same thing in the documentation.
> 
> But where do i configure these? On the Device?
> 
> Can you please point me to the right link for configuring these?

generally you do not; the type is based on the service in use (cli, modem,
etc).  see your device's documentation or contact their TAC.

> Regards
> ________________________________________
> From: heasley [heas at shrubbery.net]
> Sent: Thursday, July 11, 2013 8:25 PM
> To: Sachin.6.Gupta
> Cc: tac_plus at shrubbery.net
> Subject: Re: [tac_plus] How does the TACACS+ server know which authentication mechanism (PAP, CHAP, etc) to use?
> 
> Thu, Jul 11, 2013 at 07:46:13PM +0530, Sachin.6.Gupta:
> > Hi All,
> >
> > Its a pretty basic question answer to which i am not able to figure out yet.
> >
> > Hope some one could shed some light here.
> >
> > TACACS+ Server gives option of User Authentication by following methods: 1. ASCII 2. PAP 3. CHAP 4. MSCHAP 5. ARAP
> >
> > But how does the server know which one to use to authenticate?
> >
> > Went through the RFC and it seems that the AUTH Packet has a Authen_type field which decides this.
> >
> > Then i guess some configuration has to be done on the devices to enable either of these. But i failed to find any specific configuration commands to enable either of these.
> 
> correct.
> 
> authen_type
> 
>    The type of authentication that is being performed. Legal values are:
> 
>    TAC_PLUS_AUTHEN_TYPE_ASCII      := 0x01
> 
>    TAC_PLUS_AUTHEN_TYPE_PAP        := 0x02
> 
>    TAC_PLUS_AUTHEN_TYPE_CHAP       := 0x03
> 
>    TAC_PLUS_AUTHEN_TYPE_ARAP       := 0x04
> 
>    TAC_PLUS_AUTHEN_TYPE_MSCHAP     := 0x05
> 
> ============================================================================================================================Disclaimer:  This message and the information contained herein is proprietary and confidential and subject to the Tech Mahindra policy statement, you may review the policy at <a href="http://www.techmahindra.com/Disclaimer.html">http://www.techmahindra.com/Disclaimer.html</a> externally and <a href="http://tim.techmahindra.com/tim/disclaimer.html">http://tim.techmahindra.com/tim/disclaimer.html</a> internally within Tech Mahindra.============================================================================================================================

More information about the tac_plus mailing list