6.3.3. TACACS+ authentication server

A TACACS+ user authentication server lets UserGate authorize users against TACACS+ servers. When a user is authorized via a TACACS+ server, UserGate sends the user's credentials to the TACACS+ server, which in turn notifies UserGate whether the authentication was successful.

TACACS+ servers cannot provide user properties to UserGate. If you have not registered the users in UserGate beforehand (e.g. as local users or via an LDAP connector), you will be able to use only Known (i.e. authorized on a RADIUS server) or Unknown (failed to authorize on a RADIUS server) users in your security policies.

To create a TACACS+ authentication server, click Add, select Add a TACACS+ server and provide the following parameters:

| Name | Description |
|---|---|
| Enabled | Enables or disables the authentication server. |
| Server name | Name of the authentication server. |
| Secret key | A public key used by TACACS+ for authentication. |
| Address | IP address of the TACACS+ server. |
| Port | The UDP port on which the TACACS+ server listens for authentication requests. By default, UDP 1812 is used. |
| Use a single connection | Use a single TCP connection for communications with the TACACS+ server. |
| Timeout (sec) | Time to wait for an authentication response from the TACACS+ server. By default, the timeout is 4 seconds. |
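
To check on the wire what the Secret key and Use a single connection settings actually produce, the following added example (not UserGate code) parses the 12-byte TACACS+ packet header as defined in RFC 8907 and reports whether the body is obfuscated and whether single-connection mode was requested. The function names, the session ID and the sample packets are constructed for illustration; the header layout and flag values are taken from the RFC, not from this page.

```python
import struct

# Flag and type values from the TACACS+ header definition in RFC 8907.
UNENCRYPTED_FLAG = 0x01      # body is sent in clear, secret key not applied
SINGLE_CONNECT_FLAG = 0x04   # sender supports several sessions on one TCP connection
PACKET_TYPES = {1: "authentication", 2: "authorization", 3: "accounting"}

def parse_header(packet: bytes) -> dict:
    """Decode the fixed 12-byte header and sanity-check the declared body length."""
    if len(packet) < 12:
        raise ValueError("truncated packet: TACACS+ header is 12 bytes")
    version, ptype, seq_no, flags, session_id, length = struct.unpack("!BBBBII", packet[:12])
    if version >> 4 != 0xC:
        raise ValueError("major version nibble is not 0xc")
    if ptype not in PACKET_TYPES:
        raise ValueError(f"unknown packet type {ptype}")
    if length != len(packet) - 12:
        raise ValueError("declared body length does not match captured bytes")
    return {
        "type": PACKET_TYPES[ptype],
        "seq_no": seq_no,
        "session_id": session_id,
        "obfuscated": not flags & UNENCRYPTED_FLAG,
        "single_connect": bool(flags & SINGLE_CONNECT_FLAG),
    }

def audit(packet: bytes) -> list:
    """Return findings an operator would want to see for one captured packet."""
    hdr = parse_header(packet)
    findings = []
    if not hdr["obfuscated"]:
        findings.append("body sent in clear: secret key is not being applied")
    # RFC 8907: the single-connect flag is only relevant in the first two
    # packets on a connection and is ignored afterwards.
    if hdr["single_connect"] and hdr["seq_no"] > 2:
        findings.append("single-connect flag set after the opening exchange")
    return findings

def build(flags: int, seq_no: int = 1, body: bytes = b"\x00" * 8) -> bytes:
    """Constructed sample packet: authentication type, minor version 0, made-up session ID."""
    return struct.pack("!BBBBII", 0xC0, 1, seq_no, flags, 0x1234ABCD, len(body)) + body

if __name__ == "__main__":
    samples = {"obfuscated + single-connect": build(SINGLE_CONNECT_FLAG),
               "cleartext": build(UNENCRYPTED_FLAG)}
    for name, pkt in samples.items():
        print(name, parse_header(pkt), audit(pkt))
```

Feed `audit()` the TCP payload of the first packet from a capture taken between UserGate and the TACACS+ server; an empty list means the body is obfuscated and the flags are consistent with the opening exchange.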