O'Reilly logo

Network Security Principles and Practices by Saadat Malik

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Authorization in TACACS+

Authorization in TACACS+ takes place via two types of messages being exchanged between the NAS and the TACACS+ server.

The authorization process starts with the NAS sending an authorization REQUEST packet to the TACACS+ server. The REQUEST packet can contain information about the services or privileges that the NAS wants the AAA server to authorize the client to have. The server replies with a RESPONSE message. This RESPONSE message can specify any of the following five statuses:

  • FAIL

  • PASS_ADD

  • PASS_REPL

  • ERROR

  • FOLLOW

The FAIL status simply means that the services or privileges that were requested to be authorized for the client by the NAS are not to be given to the client.

If the status is set to PASS_ADD, arguments specified ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required