Terminal Access Controller Access-Control System Plus
(TACACS+) is a family of protocols that enable authentication and
authorization through a centralized server. TACACS+ encrypts usernames
and passwords, making it more secure than RADIUS, which encrypts
only passwords. TACACS+ is also more reliable because it uses TCP,
whereas RADIUS uses UDP. You can configure TACACS+ authentication
for end users or administrators
on the firewall and for
administrators
on Panorama. Optionally, you can use TACACS+
Vendor-Specific Attributes (VSAs) to manage administrator authorization.
TACACS+ VSAs enable you to quickly change the roles, access domains,
and user groups of administrators through your directory service
instead of reconfiguring settings on the firewall and Panorama.