While TACACS+ and RADIUS share much of the same functionality,
there are several important differences between them. A network administrator
should understand these differences in order to make the most appropriate
choice in implementing one or both of them in a network. These differences are
outlined in Figures
and
.
TACAC+ is generally considered superior because of the following
reasons:
- TACACS+ encrypts the entire TACACS+ packet, while RADIUS only encrypts the
shared secret password portion.
- TACACS+ separates authentication and authorization, making possible
distributed security services.
- RADIUS has limited name space for attributes.