The difference between TACACS+ and RADIUS

2025-01-19 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

It is important to understand the differences between TACACS+ and RADIUS. Key factors for TACACS+ include: incompatibility with TACACS and XTACACS; separation of authentication and authorization; and encryption of all communications. Key factors for RADIUS include: the use of RADIUS proxy servers to provide scalability; the combination of RADIUS authentication and authorization into one process; encryption of the password only; the use of UDP; and support for remote access technologies, 802.1X and SIP.

TACACS+ is an enhancement of the original TACACS protocol by Cisco. In fact, TACACS+ is a completely new protocol that is not compatible with any previous version of TACACS. TACACS+ is supported by the Cisco family of routers and access servers. TACACS+ provides separate AAA services. The separation of AAA services provides implementation flexibility, because it makes it possible to use TACACS+ for authorization and accounting and another method for authentication at the same time. The extensions to the TACACS+ protocol provide more authentication request types and response codes than the original TACACS specification. TACACS+ provides multi-protocol support, such as IP and AppleTalk. Normal TACACS+ operation encrypts the entire packet to provide more secure communication, and uses TCP port 49.

RADIUS, developed by Livingston Enterprises, is an open IETF standard AAA protocol for applications such as network access or IP mobility.

RADIUS works in both local and roaming situations, and is usually used for accounting purposes. RADIUS is currently defined in RFC 2865, 2866, 2867, and 2868. The RADIUS protocol uses a rather complex operation involving Message Digest 5 (MD5) hashing and a shared key to hide passwords during transmission, even when using the Password Authentication Protocol (PAP), but the rest of the packet is sent in clear text. RADIUS combines authentication and authorization into one process.

When a user is authenticated, the user is also authorized. RADIUS uses UDP port 1645 or 1812 for authentication and UDP port 1646 or 1813 for accounting. RADIUS is widely used by VoIP service providers. It passes the login credentials of a Session Initiation Protocol (SIP) endpoint (such as a broadband phone) to a SIP registrar using digest authentication, and then to a RADIUS server using RADIUS. RADIUS is also a general authentication protocol used by the 802.1X security standard.

The Diameter protocol is planned to replace RADIUS. Diameter uses a new transport protocol called Stream Control Transmission Protocol (SCTP), and uses TCP instead of UDP.
