Setting the TACACS+ encryption key
The Set TACACS Key command sets the encryption key used to encrypt all data packets between the
Sentry and the TACACS+ server. This key must match the key configured on the TACACS+ server.
To set the encryption key:
At the Sentry: prompt, type set tacacs key and press Enter.
At the TACACS+ Key: prompt, type a key of up to 60 alphanumeric and other typeable characters
(ASCII 32 to 126 decimal). Keys are case sensitive. Press Enter. To specify no password, press Enter
at the prompt.
At the Verify TACACS+ Key: prompt, retype the key. Press Enter. To verify no password, press
Enter at the prompt.
Example
Sentry: set tacacs key<Enter>
TACACS+ Key: <Enter>
Verify TACACS+ Key: <Enter>
For security, key characters are not displayed.
NOTE: A key size of zero results in no encryption being applied, which may not be supported by the TACACS+ server and
is not recommended for a production environment.
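Why the key must match on both ends, as an added example that is not from the Sentry manual or Server Technology: a Python implementation of the standard TACACS+ body obfuscation (RFC 8907, section 4.5), which this example assumes the Sentry uses, together with a check of the key rules stated above. The session ID, version, sequence number, key strings and packet body are constructed sample values.

```python
import hashlib
import struct

MAX_KEY_LEN = 60  # limit stated in the manual


def validate_key(key: str) -> bytes:
    """Apply the manual's key rules: up to 60 characters, ASCII 32 to 126."""
    if len(key) > MAX_KEY_LEN:
        raise ValueError("key is longer than 60 characters")
    if any(not 32 <= ord(c) <= 126 for c in key):
        raise ValueError("key has a character outside ASCII 32 to 126")
    return key.encode("ascii")


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """RFC 8907 pad: MD5 over session_id, key, version, seq_no, chained with the previous hash."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]


def transform_body(body: bytes, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """XOR the body with the pad. The same call obfuscates and recovers."""
    if not key:
        return body  # zero-length key: the body travels in the clear
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def demo():
    # Constructed sample values, not taken from a real session.
    body = b"constructed packet body, longer than one MD5 block"
    sid, ver, seq = 0x1A2B3C4D, 0xC0, 1
    wire = transform_body(body, sid, validate_key("Example-Key 01"), ver, seq)
    matched = transform_body(wire, sid, validate_key("Example-Key 01"), ver, seq)
    # Keys are case sensitive: a server key differing only in case does not recover the body.
    mismatched = transform_body(wire, sid, validate_key("example-key 01"), ver, seq)
    return body, wire, matched, mismatched


if __name__ == "__main__":
    body, wire, matched, mismatched = demo()
    print("on the wire :", wire.hex())
    print("matching key:", matched)
    print("wrong key   :", mismatched)
```

Only the packet body is transformed; the session ID, version and sequence number that seed the pad travel in the unobfuscated packet header.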
Setting the authentication order
The Set Authorder command sets the authentication order for remote authentication sessions. The
Sentry supports two methods for authentication order: Remote -> Local and Remote Only.
The Remote -> Local method first attempts authentication with the TACACS+ server and, if that is
unsuccessful, with the local user database on the Sentry device.
The Remote Only method attempts authentication only with the TACACS+ server; if unsuccessful,
access is denied.
NOTE: With the Remote Only method, if authentication fails due to a communication failure with the TACACS+ server,
authentication automatically falls back to the local user database on the Sentry device.
To set the authentication order:
At the Sentry: prompt, type set authorder, followed by remotelocal or remoteonly and press Enter.
NOTE: Server Technology recommends NOT setting the authentication order to Remote Only until TACACS+ has
been fully configured and tested.
Displaying TACACS+ configuration information
The Show TACACS command displays TACACS+ configuration information.
• Remote authentication order
• Enabled-disabled status of LDAP support
• Directory Services server IP address and domain components
• Bind request password type
To display the LDAP configuration information:
At the Sentry: prompt, type show ldap and press Enter.
Example
The following command displays the LDAP configuration information:
TACACS+ Configuration
TACACS+: Disabled
Host IP1: 98.76.54.32
Host IP2: 0.0.0.0
TACACS+ Key: (Set)
Auth Order: Remote->Local
64 • Advanced Operations Sentry PT22
Installation and Operations Manual