Manoj Reddy's Reference Guide

arap use-tacacs

To enable TACACS for ARA authentication, use the arap use-tacacs line configuration command. Use the no form of this command to disable TACACS for ARA authentication.

arap use-tacacs [single-line]

no arap use-tacacs

Syntax Description

single-line

(Optional) Accepts the username and password in the username field. If you are using an older version of TACACS (before extended TACACS), you must use this keyword.

Defaults

Disabled

Command Modes

Line configuration

Command History

Release    Modification
10.0       This command was introduced.

Usage Guidelines

Use this command only when you have set up an extended TACACS server. This command requires the new extended TACACS server.

This command cannot be used with TACACS+. Use the arap authentication command instead.

The command specifies that if a username and password are specified in the username field, separated by an asterisk (*), then a standard TACACS login query is performed using that username and password. If the username does not contain an asterisk, then normal ARA authentication is performed using TACACS.

This feature is useful when integrating TACACS with other authentication systems that require a clear text version of the user's password. Such systems include one-time passwords, token card systems, and others.

Caution: Normal ARA authentications prevent the clear-text password from being transmitted over the link. When you use the single-line keyword, passwords cross the link in the clear, exposing them to anyone looking for such information.

Due to the two-way nature of the ARA authentication, the ARA application requires that a password value be entered in the Password field in the ARA dialog box. This secondary password must be "arap." First enter the username and password in the form username*password in the Name field of the dialog box, then enter arap in the Password field.

Examples

The following example enables TACACS for ARA authentication:

line 3
 arap use-tacacs
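
The Usage Guidelines above translate into a simple configuration audit. The following is an added example, not part of the original reference and not Cisco code: a Python check that flags line blocks using the single-line keyword (clear-text password exposure) and line blocks using arap use-tacacs when tacacs-server extended is absent. The sample configuration, the function name and the finding strings are constructed for illustration, and applying the extended-TACACS check only to lines without single-line is an assumption.

```python
import re

# Constructed sample configuration for illustration (not from a real device).
SAMPLE_CONFIG = """\
tacacs-server host 192.0.2.10
!
line 3
 arap enable
 arap use-tacacs
line 4
 arap enable
 arap use-tacacs single-line
line 5
 arap enable
"""

CLEARTEXT = "single-line: username*password crosses the link in clear text"
NO_EXTENDED = "arap use-tacacs without tacacs-server extended"

def audit_arap_tacacs(config_text):
    """Return (line block, finding) pairs for an IOS-style configuration."""
    extended = False
    current = None   # line block being parsed, e.g. "line 3"
    modes = {}       # line block -> "plain" or "single-line"
    for raw in config_text.splitlines():
        cmd = raw.strip()
        if not cmd or cmd.startswith("!"):
            continue
        if not raw[0].isspace():           # top-level command
            current = cmd if cmd.startswith("line ") else None
            extended = extended or cmd == "tacacs-server extended"
            continue
        if current is None:
            continue
        match = re.fullmatch(r"arap use-tacacs(\s+single-line)?", cmd)
        if match:
            modes[current] = "single-line" if match.group(1) else "plain"
        elif cmd == "no arap use-tacacs":
            modes.pop(current, None)       # the no form disables it again
    findings = []
    for block, mode in modes.items():
        if mode == "single-line":
            findings.append((block, CLEARTEXT))
        elif not extended:                 # assumption: only checked for plain mode
            findings.append((block, NO_EXTENDED))
    return findings

if __name__ == "__main__":
    for block, finding in audit_arap_tacacs(SAMPLE_CONFIG):
        print(f"{block}: {finding}")
```

The presence of tacacs-server extended only shows that the router is configured for extended mode; whether the server itself is an extended TACACS server has to be confirmed separately.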

Related Commands

Command                   Description
arap enable               Enables ARA for a line.
arap noguest              Prevents Apple Macintosh guests from logging in to the router.
autoselect                Configures a line to start an ARA, PPP, or SLIP session.
tacacs-server extended    Enables an extended TACACS mode.
tacacs-server host        Specifies a TACACS host.


All material in this document copyright 2000 Cisco Systems, Inc. All rights reserved. No material may be reproduced or distributed without written permission of Cisco Systems, Inc.