Originally designed as means to automate logins, by which a person who was already authenticated on one host in the network could connect to another host on the same network without needing to authenticate again, TACACS is an open (quasi-)standard.
Cisco Systems began supporting TACACS in its networking products in the late 1980s, eventually adding their own extensions to the protocol, which the company then called 'XTACACS' ('eXtended TACACS'). In the simple (non-extended) form, Cisco's implementation was compatible with the original TACACS, while the extended form (XTACACS) was not.
'TACACS+', in which the individual tasks of authentication, authorization and accounting were separate processes. Also, while the XTACACS and TACACS use UDP (port 49), TACACS+ uses TCP (but still port 49).
- 3 separate processes: AAA
- Whereas RADIUS combines authentication and authorization in a user profile, TACACS+ separates the two operations. Another difference is that
- TACACS+ uses the Transmission Control Protocol (TCP) while
- RADIUS uses the User Datagram Protocol (UDP).