2.4.6 TACACS+ CLI Configuration

This guide explains how to configure TACACS+ (Terminal Access Controller Access-Control System Plus) and authentication for DSR CLI users with the tacacsCliAuthentication.sh utility.

Assumptions

• TACACS+ authentication will be applicable only to new TACACS+ managed users. Default users such as admusr, root remain unaffected by TACACS+ authentication.
• Access to sudo and other administrative commands for a TACACS+ managed users will be dependent on their group permissions. DSR provides mechanism to add TACACS+ managed users to system groups.
• When using TACACS+ with LDAP, configure LDAP CLI authentication prior to configuring TACACS+ authentication.
• If both LDAP and TACACS+ authentication are configured, user accounts must match on LDAP and TACACS+. In such case, there is no need of creating user accounts through tacacsCliAuthentication.sh tool.