AAA supports all three of these security protocols to
control dial-up access into networks. Each is examined in turn, but note that
Cisco supports Kerberos as a legacy security protocol for those networks already
committed to it. Cisco Secure Access Control Server (ACS), covered in the next chapter, only
implements TACACS+ and RADIUS databases.
At the most obvious level, each of these three protocols does the
same thing. Each provides a secure authentication process that allows remote
users to access an organization’s network resources. At the nuts and bolts
level, these are quite different systems, requiring several chapters to detail.
The good news is that detailed information exists in many places,
including Cisco’s web site, which is where it’s going to stay. This chapter
covers those features and differences that might be on the certification exams
and would allow a person to choose among them for implementation, or at least to
move ahead with intelligent research.
Kerberos is covered first, and then TACACS+ and RADIUS are
compared to help determine which should be implemented as part of Cisco Secure
ACS.
Note: It’s important to make sure that TACACS+, RADIUS, or
Kerberos server services are properly configured before adding the client
features to the NAS. Otherwise, you could lock yourself out and require a
password recovery.