TACACS+ - BlueCat Address Manager - 9.0.0

Address Manager Administration Guide

BlueCat Address Manager
For TACACS+ authenticators, set the following in the Additional Properties section:
Field Description
TCP Port Enter the TCP port number. TACACS+ uses TCP as the communication protocol between the client and server. The default setting is 49.
Authentication Type Select Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP).
Shared Secret Enter the shared secret text in this field. The shared secret is used to encrypt and decrypt the packets between the client and the server.
Group Attribute Enter the special attribute used for the custom service in the TACACS+ server. This attribute is used to get the value (group name) defined in the TACACS+ server.
Timeout (seconds) Optional. Specify the value in seconds to override the timeout setting used for authentication requests that have been sent to the TACACS+ server.

If no value is specified, it will be 2 seconds by default.

The minimum value is 1 second and maximum value is 60 seconds.

Attribute-Value pairs Specify the attribute-value pairs defined for the custom service in the TACACS+ server. The attribute-value pairs are used to identify the custom service and retrieve the group name using the group attribute defined in the custom service.
Note: After the attribute-value pair is verified against the attribute and value for the service account, the TACACS+ server returns the group attribute which will be used to get the group name. Address Manager now allows the user to log in and add the user to the group that matches the group attribute returned by the TACACS+ server.