RFC 1492 (rfc1492) - Page 2 of 21
An Access Control Protocol, Sometimes Called TACACS
Alternative Format: Original Text Document
RFC 1492 TACACS July 1993
and this lack of access is the main reason for the writing of this
document. This version of the specification was developed with the
assistance of Cisco Systems, who has an implementation of the TACACS
protocol that is believed to be compatible with the original
specification. To be precise, the Cisco Systems implementation
supports both the simple (non-extended) and extended versions. It is
the simple version that would be compatible with the original.
Please keep in mind that this is an informational RFC and does not
specify a standard, and that more information may be uncovered in the
future (i.e., the original specification may become available) that
could cause parts of this document to be known to be incorrect.
This RFC documents the extended TACACS protocol use by the Cisco
Systems terminal servers. This same protocol is used by the
University of Minnesota's distributed authentication system.
1. Protocol Semantics
This section will describe the requests and responses. The following
two sections will describe two different ways of encoding the
protocol.
A request/response pair is the basic unit of interaction. In this
pair, the client sends a request and the server replies with a
response. All requests must be acknowledged with a response. This
requirement implies that all requests can be denied, although it is
probably futile to attempt to deny a "logout" request.
1.1 Connections
In some cases, a string of request/response pairs forms a larger
unit, called a "connection."
There are three types of connections:
1) Authenticate only, no connection:
client: sends an AUTH packet
server: responds with a REPLY
Finseth