Configuration Guide User guide

142 FastIron Configuration Guide
53-1002494-02
TACACS and TACACS+ security
TACACS authentication
NOTE
Also, multiple challenges are supported for TACACS+ login authentication.
When TACACS authentication takes place, the following events occur.
1. A user attempts to gain access to the Brocade device by doing one of the following:
Logging into the device using Telnet, SSH, or the Web Management Interface
Entering the Privileged EXEC level or CONFIG level of the CLI
2. The user is prompted for a username and password.
3. The user enters a username and password.
4. The Brocade device sends a request containing the username and password to the TACACS
server.
5. The username and password are validated in the TACACS server database.
6. If the password is valid, the user is authenticated.
TACACS+ authentication
When TACACS+ authentication takes place, the following events occur.
1. A user attempts to gain access to the Brocade device by doing one of the following:
Logging into the device using Telnet, SSH, or the Web Management Interface
Entering the Privileged EXEC level or CONFIG level of the CLI
2. The user is prompted for a username.
3. The user enters a username.
4. The Brocade device obtains a password prompt from a TACACS+ server.
5. The user is prompted for a password.
6. The user enters a password.
7. The Brocade device sends the password to the TACACS+ server.
8. The password is validated in the TACACS+ server database.
9. If the password is valid, the user is authenticated.
TACACS+ authorization
Brocade devices support two kinds of TACACS+ authorization:
Exec authorization determines a user privilege level when they are authenticated
Command authorization consults a TACACS+ server to get authorization for commands entered
by the user
When TACACS+ exec authorization takes place, the following events occur.
1. A user logs into the Brocade device using Telnet, SSH, or the Web Management Interface
2. The user is authenticated.