TACACS+ authentication for administrators
Terminal Access Controller Access-Control System (TACACS+) is a remote authentication protocol that provides access control for routers, network access servers, and other network computing devices via one or more centralized servers.
If you have configured TACACS+ support and an administrator is required to authenticate using a TACACS+ server, the FortiGate unit contacts the TACACS+ server for authentication. If the TACACS+ server cannot authenticate the administrator, the connection is refused by the FortiGate unit.
If you want to use a TACACS+ server to authenticate administrators in your VDOM, you must configure the authentication before you create the administrator accounts. To do this you need to:
• configure the FortiGate unit to access the TACACS+ server
• create a TACACS+ user group
• configure an administrator to authenticate with a TACACS+ server.
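The three steps above, shown as a FortiOS CLI sequence. This is an added example, not configuration taken from the original page; the object names (`tac_server`, `tac_admins`, `netadmin`), the address 192.0.2.10, the access profile, and the angle-bracket values are placeholders to replace with your own.

```fortios
# Step 1: configure the FortiGate unit to access the TACACS+ server.
# 192.0.2.10 is a documentation address; <shared-secret> must match the
# key configured on the TACACS+ server.
config user tacacs+
    edit "tac_server"
        set server "192.0.2.10"
        set key <shared-secret>
        set authen-type auto
    next
end

# Step 2: create a user group that has the TACACS+ server as a member.
config user group
    edit "tac_admins"
        set member "tac_server"
    next
end

# Step 3: configure an administrator to authenticate through that group.
# Pick the least-privileged access profile that fits the role.
# <local-password> is a placeholder; check how your FortiOS version
# treats the local password when remote-auth is enabled.
config system admin
    edit "netadmin"
        set remote-auth enable
        set remote-group "tac_admins"
        set accprofile "prof_admin"
        set password <local-password>
    next
end
```

On a unit with VDOMs enabled, enter each block in the context (global or the specific VDOM) where that object lives in your configuration.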
See Also
• Administrator configuration
• Trusted hosts