Configuring TACACS+ Server With A Simple GUI
by Dmitriy Kuptsov

Managing authentication and authorization in a large-scale network is a challenge: the passwords need to be set and rotated every now and then, access to certain configuration settings needs to be controlled and, finally, users’ actions need to be logged somewhere. This poses a need for a centralized controller in the network that is responsible for such functions. Modern routers and switches, which typically run Linux operating systems, support TACACS+ protocol that enables system administrators to implement flexible rules for authentication and authorization. However, TACACS+ server implementation for Linux operating system, although neat, lacks a graphical user interface which makes daemon configuration a smooth and intuitive process. In the next few paragraphs, we will discuss how to configure the TACACS+ daemon on Linux operating system and demonstrate how to deploy a simple, yet intuitive, GUI used for the configuration of the TACACS+ instance.

TACACS+, which stands for Terminal Access Controller Access-Control System Plus, is a protocol mainly designed by Cisco and standardized in RFC8907. The primary goal of the protocol is to handle authentication and authorization of commands executed on remote telecommunication hardware on a centralized server. TACACS+ is a great protocol and can be compared to RADIUS. Its key advantages are the following: it allows scrambling or obfuscating (although, not really encrypting in a cryptographic sense) the entire payload with help of MD5 hash function and a secret shared between telecommunication hardware and a central server, it supports TCP protocol for transport, and it provides the possibility of carrying out AAA functions in a flexible way. More details on the protocol can be found in the corresponding RFC.

There exists a pretty neat implementation of the TACACS+ server for Linux. And here we will discuss how to configure this implementation on Linux and also touch aspects related to the deployment of the GUI-based tool used to configure an instance of the protocol.

In order to install TACACS+ run the following commands on the server which is reachable by your zoo of network devices: