TACACS+ authentication
ITNCM - Base has an external authentication capability to pass the username and password supplied at login GUI (or through the API) to an external custom class for authentication. The external authentication mechanism used is TACACS+.
TACACS+ is a remote authentication protocol, which allows a remote access server to communicate with an authentication server to validate user access onto the network. TACACS+ allows a client to accept a username and password, and pass a query to a TACACS+ authentication server. Login to ITNCM - Base is authenticated using the TACACS+ server instead of authentication locally.
There are significant benefits to be achieved from the implementation of external authentication:
- Improved Security — login authentication is more secure, as the ITNCM - Base user passwords are not held on a local database, instead it is managed and stored on a remote machine.
- Central Storage of Passwords — leverage existing password checking infrastructure. No need to duplicate account.
- Password Ageing — TACACS+ caters for password ageing, and notifies the user when the account has expired, and when it is about to expire.