TACACS+ - BlueCat Integrity - 9.3.0

Address Manager Administration Guide

Product name
BlueCat Integrity
For TACACS+ authenticators, set the following in the Additional Properties section:
Field Description
TCP Port Enter the TCP port number. TACACS+ uses TCP as the communication protocol between the client and server. The default setting is 49.
Authentication Type Select Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP).
Shared Secret Enter the shared secret used to encrypt and decrypt packets between the client and the server.
Group Attribute Enter the special attribute used for the custom service in the TACACS+ server. This attribute is used to get the value (group name) defined in the TACACS+ server.
Timeout (seconds) Optional. Specify the value in seconds to override the timeout setting used for authentication requests sent to the TACACS+ server.

If no value is specified, the default value is 2 seconds.

The minimum value is 1 second and the maximum value is 60 seconds.

Attribute-Value pairs Specify the attribute-value pairs defined for the custom service in the TACACS+ server, such as "service:ppp" or "protocol:ip". The attribute-value pairs are used to identify the custom service and retrieve the group name using the group attribute defined in the custom service.
Note: After the attribute-value pair is verified against the attribute and value for the service account, the TACACS+ server returns the group attribute which will be used to get the group name. Address Manager now allows the user to log in and add the user to the group that matches the group attribute returned by the TACACS+ server.