TACACS and TACACS+ are two widely discussed protocols for remote authentication and access control services. Let's briefly review both TACACS and TACACS+ before discussing their differences.
TACACS is defined in RFC 1492 and supports both TCP and UDP on port 49. TACACS lets a client accept a username and password and send a query to a TACACS authentication server.
TACACS is a comparatively old protocol and is not compatible with its successor, TACACS+.
TACACS+ has replaced TACACS. Its benefits are that it separates the functions of authentication, authorization and accounting and encrypts all traffic between the NAS and the daemon.
Further, TACACS+ is modular in design and supports plug-in authentication, authorization, and accounting schemes.
Differences between TACACS and TACACS+
| Parameter | TACACS | TACACS+ |
|---|---|---|
| Abbreviation for | Terminal Access Controller Access Control System | Terminal Access Controller Access Control System Plus |
| Standard | Open Standard | Cisco proprietary |
| Passwords | TACACS does not support prompting for a password change or for the use of dynamic password tokens. | TACACS+ provides for dynamic passwords, two-factor authentication and improved audit functions. |
| Protocols supported | Uses both TCP and UDP | Uses TCP |
| Kerberos secret key authentication | Not supported | Supported |