TACACS+ provides access control for routers, network access servers and other networked computing devices via one or more centralized servers. TACACS+ provides separate authentication, authorization and accounting services (AAA). Since robust AAA is vital for the smooth functioning of society, the dependability of TACACS+ implementations must be verified. This test suite can be used to test TACACS+ Client implementations for security flaws and robustness problems.
Used specifications

| Specification | Title | Notes |
|---|---|---|
| draft-grant-tacacs-02 | The TACACS+ Protocol | Obsoletes RFC1492 |
| draft-ietf-opsawg-tacacs-05 | The TACACS+ Protocol | Small tweaks and modifications to draft-grant-tacacs-02 |
Tool-specific information

| Tested messages | Specifications | Notes |
|---|---|---|
| Authentication REPLY | draft-grant-tacacs-02 | |
| Authorization RESPONSE | draft-grant-tacacs-02 | |
| Accounting REPLY | draft-grant-tacacs-02 | |

| Supported protocol features | Specifications | Notes |
|---|---|---|
| Transport over TCP | draft-grant-tacacs-02 | |
| TACACS+ encryption | draft-grant-tacacs-02 | The TACACS+ encryption scheme is based on MD5 and was already considered insecure in 2000. The 'main security feature' is a shared key and a 4-octet session ID field that may be random but is not required to be. In fact, the latest draft (draft-ietf-opsawg-tacacs-06) defines the encryption as obfuscation. |
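
The MD5-based scheme described in the note above, as an added example that is not part of the original page or of the test suite: it builds the pad the TACACS+ draft defines (a chain of MD5 hashes over session ID, key, version and sequence number, XORed with the packet body) and shows that the pad depends only on those inputs, which is why a repeated session ID matters. The key, session IDs, body and function names are constructed for illustration.

```python
import hashlib
import struct
from collections import Counter

# Constructed sample values, not taken from any real deployment.
KEY = b"constructed-shared-key"
VERSION = 0xC0          # major version 0xC, minor version 0
BODY = b"constructed reply body, longer than one 16-byte MD5 block"


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """MD5 chain: MD5_1 = MD5(session_id, key, version, seq_no),
    MD5_n = MD5(session_id, key, version, seq_no, MD5_{n-1}), truncated to length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body: bytes, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """XOR the body with the pad; applying it twice restores the body."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def pad_reused(sid_a: int, sid_b: int, seq_no: int = 2) -> bool:
    """True when two sessions get the same pad for the same sequence number."""
    return (pseudo_pad(sid_a, KEY, VERSION, seq_no, len(BODY))
            == pseudo_pad(sid_b, KEY, VERSION, seq_no, len(BODY)))


def repeated_session_ids(observed: list[int]) -> list[int]:
    """Session IDs seen more than once, e.g. in a capture of client traffic."""
    return sorted(sid for sid, n in Counter(observed).items() if n > 1)


if __name__ == "__main__":
    wire = obfuscate(BODY, 0x1A2B3C4D, KEY, VERSION, 2)
    print(obfuscate(wire, 0x1A2B3C4D, KEY, VERSION, 2) == BODY)   # round trip
    print(pad_reused(0x1A2B3C4D, 0x1A2B3C4D), pad_reused(0x1A2B3C4D, 0x1A2B3C4E))
    print(repeated_session_ids([1, 1, 0x1A2B3C4D, 7, 1, 7]))
```

Nothing in the construction authenticates the body, so the shared key and the unpredictability of the session ID are the only protection it offers.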