Supported RADIUS and TACACS+ Standards for User Authentication
For validation of the identity of users who attempt to access a router, Junos OS supports RADIUS authentication, TACACS+ authentication, and authentication by means of Junos OS user accounts configured on the router. Junos OS supports the configuration of Juniper Networks-specific RADIUS and TACACS+ attributes, and the creation of template accounts.
All users who can log in to the router must already be assigned to a Junos OS login class. A login class defines its members’ access privileges during a login session, the commands they can and cannot issue, the configuration statements they can and cannot view or change, and the idle time before a member’s login session is terminated.
Junos OS substantially supports the following RFCs, which define standards for RADIUS and TACACS+.
RFC 1492, An Access Control Protocol, Sometimes Called TACACS
RFC 2865, Remote Authentication Dial In User Service (RADIUS)
RFC 3162, RADIUS and IPv6
RFC 4818, RADIUS Delegated-IPv6-Prefix Attribute
The following Internet drafts do not define standards, but provide information about RADIUS. The IETF classifies them as “Informational.”
RFC 2866, RADIUS Accounting
RFC 2868, RADIUS Attributes for Tunnel Protocol Support
RFC 2869, RADIUS Extensions
RFC 4679, DSL Forum Vendor-Specific RADIUS Attributes
RFC 5176, Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS)