Previous page Section 3.120. <ServerTACACSPLUS> Section 3.120.1. Key (1409 / 1718)   Table of Contents Section 3.120.2. EncryptedKey Next page

3.120.1. Key Previous topic Parent topic Child topic Next topic

This parameter specifies the default shared secret to be used to decrypt TACACS+ messages. When a new connection from a TACACS+ client is received, <ServerTACACSPLUS> tries to find a key to use for decrypting that connection. It first looks for a matching Client and then for a key until it finds one that has been defined:
  • If a matching Client is found: EncryptedTACACSPLUSKey parameter is preferred over TACACSPLUSKey parameter
  • EncryptedKey
  • This Key parameter
  • If a matching Client is found: EncryptedSecret parameter is preferred over Secret parameter
Note
EncryptedTACACSPLUSKey and EncryptedSecret are currently experimental and will be documented later.
Tip
If all your TACACS+ devices use the same key, use this Key parameter. If some or all of your TACACS+ devices use different keys, define a Client and TACACSPLUSKey for each differing one and set this Key as the default for the rest. If some TACACS+ clients are also RADIUS clients, define a Client clause for each one, specifying the RADIUS secret in Secret, and the TACACS+ key in TACACSPLUSKey.
Key mysecret
Previous page Section 3.120. <ServerTACACSPLUS> Section 3.120.1. Key (1409 / 1718)   Table of Contents Section 3.120.2. EncryptedKey Next page