From: Fabrice Bobes (study@6colabs.com)
Date: Fri May 16 2003 - 15:18:46 GMT-3
Charles,
Radius doesn't support command authorization, therefore you will get
more granularity with Tacacs for what you may want to do.
You can allow or disallow specifics commands at the privilege level but
you can't do it at the user level with Radius.
Let's say you want to disallow the command "enable" for only one user to
whom you gave privilege 0.
With Radius, you can only enforce this at the privilege level and no
user with privilege 0 will be able to issue "enable".
With Tacacs, you can do it.
Thanks,
Fabrice
http://www.6colabs.com
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
charles Henson (ICS)
Sent: Friday, May 16, 2003 9:26 AM
To: ccielab@groupstudy.com
Subject: OT: granularity of Tacacs VS radius
Sorry for the OT. We've done some research on implementing an enterprise
radius solution for a customer. One thing we can't find anywhere is
something that might clarify the differences (if any) when setting up
privilege levels on Tacacs VS. Radius. Are there any? Is there a greater
degree of granularity in the control we have over user profiles by going
with Tacacs or is it the same as Radius. If anyone has any experience
with this please reply.....
Charles Henson
This archive was generated by hypermail 2.1.4 : Mon Jun 02 2003 - 15:13:44 GMT-3