The Terminal Access Controller Access-Control System Plus (TACACS+) Protocol

Approval announcement
Draft of message to be sent after approval:


From: The IESG
To: IETF-Announce
Cc: Joe Clarke, The IESG
Subject: Document Action: 'The TACACS+ Protocol' to Informational RFC (draft-ietf-opsawg-tacacs-17.txt)

The IESG has approved the following document:
- 'The TACACS+ Protocol'
  (draft-ietf-opsawg-tacacs-17.txt) as Informational RFC

This document is the product of the Operations and Management Area Working

The IESG contact persons are Warren Kumari and Ignas Bagdonas.

A URL of this Internet Draft is:

Ballot Text

Technical Summary

This document describes the current implementation of the TACACS+ protocol. It does not change or add new functionality intended to address existing and well-documented shortcomings of the protocol, especially on the security side. TACACS+ is widely deployed and is expected to stay deployed for the foreseeable future, and therefore any future extensions work would benefit from having a stable reference to the current functional specification.

Working Group Summary

The WG process was long for this document, initially because of the change of focus to documenting the existing TACACS+ protocol as deployed, leaving the development of new functionality for a later time. There were disagreements on whether the document should be progressed at all, what the intended status should be, and on a notable number of technical details. Eventually, consensus was reached on what should go into the document and what the intended status should be.

Document Quality

Multiple commercial and open-source implementations of the TACACS+ protocol exist, and there is extensive operational experience with it. Over time there have been several detailed reviews of the document by WG members, as well as feedback from implementation experience.


Joe Clarke is the Document Shepherd for this document. Ignas Bagdonas is the Responsible Area Director. 

RFC Editor Note

Please update the following sentence in Section 6.1:

OLD:

 KRB5 and KRB4 are Kerberos version 5 and 4.

NEW:

 KRB5 [RFC4120] and KRB4 [1] are Kerberos version 5 and 4.

And please add the following Informative References:

[RFC4120] and
[1]  Miller, S., Neuman, C., Schiller, J., and J. Saltzer, "Section
        E.2.1: Kerberos Authentication and Authorization System",
        M.I.T. Project Athena, Cambridge, Massachusetts, December 21,