Terminal Access Controller Access-Control System Plus (TACACS+) is an external authentication server used for verifying user credentials.
The TACACS+ protocols support environments that are configured for authentication, authorization, and accounting (AAA) services.
XCO supports up to five auth preferences and TACACS+ servers can be added accordingly. If any TACACS+ server addition fails due to auth preference limit, delete the unwanted auth preference and add a new TACACS+ config.
TACACS+ authentication must be enabled. If TACACS+ authentication is not enabled, only local authentication is used.
If remote authentication fails, XCO attempts to use local authentication, which is successful only if the user is in the XCO database.
The secret key configured for XCO must match the secret key from the TACACS+ server configuration file. Authentication fails if the two values do not match.
The service and xco-role entries configured for XCO must match the equivalent entries in the TACAS+ server configuration file.