Configuration Guide User guide

FastIron Configuration Guide 139
53-1002494-02
Deleting the SSL certificate
To delete the SSL certificate, enter the following command.
Brocade(config)#crypto-ssl certificate zeroize
Syntax: [no] crypto-ssl certificate zeroize
TACACS and TACACS+ security
You can use the security protocol Terminal Access Controller Access Control System (TACACS) or
TACACS+ to authenticate the following kinds of access to the Brocade device:
• Telnet access
• SSH access
• Console access
• Web management access
• Access to the Privileged EXEC level and CONFIG levels of the CLI
The TACACS and TACACS+ protocols define how authentication, authorization, and accounting
information is sent between a Brocade device and an authentication database on a
TACACS/TACACS+ server. TACACS/TACACS+ services are maintained in a database, typically on a
UNIX workstation or PC with a TACACS/TACACS+ server running.
How TACACS+ differs from TACACS
TACACS is a simple UDP-based access control protocol originally developed by BBN for MILNET.
TACACS+ is an enhancement to TACACS and uses TCP to ensure reliable delivery.
TACACS+ improves on TACACS by
separating the functions of authentication, authorization, and accounting (AAA) and by encrypting
all traffic between the Brocade device and the TACACS+ server. TACACS+ allows for arbitrary length
and content authentication exchanges, which allow any authentication mechanism to be utilized
with the Brocade device. TACACS+ is extensible to provide for site customization and future
development features. The protocol allows the Brocade device to request very precise access
control and allows the TACACS+ server to respond to each component of that request.
NOTE
TACACS+ provides for authentication, authorization, and accounting, but an implementation or
configuration is not required to employ all three.
TACACS/TACACS+ authentication, authorization, and accounting
When you configure a Brocade device to use a TACACS/TACACS+ server for authentication, the
device prompts users who are trying to access the CLI for a user name and password, then verifies
the password with the TACACS/TACACS+ server.