# TACACS+

# TACACS+ (The Terminal Access Controller Access-Control System Plus)

> TACACS+ is a security protocol that provides centralized validation of users who are attempting to gain access to a router or other devices.
> 
> TACACS+ is a protocol for AAA services:
> 
> - Authentication
> - Authorization
> - Accounting

---

[*https://www.rfc-editor.org/rfc/rfc8907.html*](https://www.rfc-editor.org/rfc/rfc8907.html)

# TACACS+ architecture

## Introduction

<div drawio-diagram="1411"><img src="https://bookstack.soffid.com/uploads/images/drawio/2023-04/drawing-5-1681113697.png" alt=""/></div>

# TACACS+ Example

## Service Provider

[![image-1681221680349.png](https://bookstack.soffid.com/uploads/images/gallery/2023-04/scaled-1680-/image-1681221680349.png)](https://bookstack.soffid.com/uploads/images/gallery/2023-04/image-1681221680349.png)

## Information Systems

When a TACACS+ Service Provider is created, Soffid creates an Information System for it.

[![image-1681221732876.png](https://bookstack.soffid.com/uploads/images/gallery/2023-04/scaled-1680-/image-1681221732876.png)](https://bookstack.soffid.com/uploads/images/gallery/2023-04/image-1681221732876.png)

Several roles are defined for this Information System (0: anonymous, 1: user, ... 15: root).

[![image-1681221803826.png](https://bookstack.soffid.com/uploads/images/gallery/2023-04/scaled-1680-/image-1681221803826.png)](https://bookstack.soffid.com/uploads/images/gallery/2023-04/image-1681221803826.png)