Using TACACS+ in user authentication

Terminal Access Controller Access Control System Plus (TACACS+) is a protocol used for similar purposes as RADIUS.

In general, TACACS+ provides a more secure method of user authentication than RADIUS. TACACS+ uses TCP as the transport protocol instead of UDP, so transport is more reliable and less sensitive to disruption at the network layer.

TACACS+ also separates authentication, authorization, and accounting services, whereas RADIUS provides a user profile defining all user-specific parameters with the authentication. This separation of services allows TACACS+ to use other forms of authentication, such as Kerberos, together with its own authorization.

TACACS+ uses a pre-shared key to authenticate exchanges. TACACS+ encrypts all traffic between the authentication server and the device requesting authentication. User information, such as IDs and passwords, are secured with the MD5 message digest algorithm.