CN102739657A - Enable authentication method and system for connecting to a TACACS+ (Terminal Access Controller Access Control System Plus) server - Google Patents

Publication number: CN102739657A
Application number: CN2012101992147A
Authority: CN (China)
Legal status: Pending
Original language: Chinese (zh)
Inventors: 徐德, 林华云
Applicant and assignee: ZTE Corp
Prior art keywords: tacacs, enable authentication, server, client, enable
Classification: Data Exchanges In Wide-Area Networks
Abstract

The invention discloses an enable authentication method and system for connecting to a TACACS+ server. The method comprises: in an IP network, a TACACS+ client sends to a TACACS+ server an enable authentication request message containing an enable authentication type, requesting the TACACS+ server to perform authentication; after receiving the enable authentication request message, the TACACS+ server extracts the enable authentication type from it, generates, according to that enable authentication type, an enable authentication response message in reply to the enable authentication request message, and sends it to the TACACS+ client; the TACACS+ client determines from the enable authentication response message whether enable authentication interoperation with the TACACS+ server succeeded; when the determination is that it did not succeed, the TACACS+ client modifies the enable authentication type in the enable authentication request message and repeats the above steps until enable authentication interoperation with the TACACS+ server succeeds.

Description

An enable authentication method and system for connecting to a TACACS+ server

Technical field

The present invention relates to the field of communications, and in particular to a technique for handling the different authentication types of TACACS+ enable authentication.

Background

TACACS+ (Terminal Access Controller Access Control System Plus) is a network application protocol of the AAA (Authentication, Authorization, Accounting) type. TACACS+ separates authentication, authorization and accounting, allowing different TACACS+ security servers to act respectively as the authentication, authorization and accounting server.

The protocol implements remote control over user access. Enable authentication means that a TACACS+ server is used to authenticate the user when the user requests enable privileges. The TACACS+ draft specifies that, for enable authentication, the authen_type (authentication type) field of the message is "not used".

There are currently many TACACS+ servers, and different TACACS+ servers handle the authentication type field of the enable authentication request message differently, so connecting to different TACACS+ servers with enable authentication can fail. Because the TACACS+ draft does not specify a concrete value for the enable authentication type in the enable authentication request message, how to ensure that enable authentication interoperates successfully with different TACACS+ servers has become a pressing problem.

Summary of the invention

The object of the present invention is to provide an enable authentication method and system for connecting to a TACACS+ server, which better solves the problem of enable authentication failing to interoperate with different TACACS+ servers.

According to one aspect of the present invention, an enable authentication method for connecting to a TACACS+ server is provided, comprising:

in an IP network, a TACACS+ client sends to a TACACS+ server an enable authentication request message containing an enable authentication type, requesting the TACACS+ server to perform authentication;

after receiving the enable authentication request message, the TACACS+ server extracts the enable authentication type from it, generates, according to that enable authentication type, an enable authentication response message in reply to the enable authentication request message, and sends it to the TACACS+ client;

the TACACS+ client determines from the enable authentication response message whether enable authentication interoperation with the TACACS+ server succeeded;

when the determination is that it did not succeed, the TACACS+ client modifies the enable authentication type in the enable authentication request message and repeats the above steps until enable authentication interoperation with the TACACS+ server succeeds.

Preferably, after sending the enable authentication request message the TACACS+ client starts a timer and waits for the TACACS+ server to respond to the enable authentication request message within a predetermined time.

Preferably, when the TACACS+ client does not receive an enable authentication response message from the TACACS+ server within the predetermined time after sending the enable authentication request message, it determines that enable authentication interoperation with the TACACS+ server did not succeed.

Preferably, when the TACACS+ client receives the enable authentication response message from the TACACS+ server within the predetermined time after sending the enable authentication request message, it parses the enable authentication response message and uses the parsing result to determine whether enable authentication interoperation with the TACACS+ server succeeded.

Preferably, the enable authentication type is one of none, ascii, pap, chap, arap and mschap.

According to another aspect of the present invention, an enable authentication system for connecting to a TACACS+ server is provided, comprising a TACACS+ client and a TACACS+ server running on an IP network, wherein:

the TACACS+ client is configured to send to the TACACS+ server an enable authentication request message containing an enable authentication type, requesting the TACACS+ server to perform enable authentication; to determine from the received enable authentication response message whether enable authentication interoperation with the TACACS+ server succeeded; and, when the determination is that it did not succeed, to modify the enable authentication type in the enable authentication request message and repeat enable authentication until enable authentication interoperation with the TACACS+ server succeeds;

the TACACS+ server is configured to, after receiving the enable authentication request message, extract the enable authentication type from it, generate, according to that enable authentication type, an enable authentication response message in reply to the enable authentication request message, and send it to the TACACS+ client.

Preferably, the TACACS+ client comprises:

a client message transceiver unit, configured to send the enable authentication request message containing the enable authentication type and to receive the enable authentication response message returned by the TACACS+ server;

a client timer unit, configured to start timing after the message transceiver unit sends the enable authentication request message and to wait for the TACACS+ server to respond to the enable authentication request message within a predetermined time;

a client parsing unit, configured to parse the received enable authentication response message;

a client authentication decision unit, configured to determine from the enable authentication response message whether enable authentication interoperation with the TACACS+ server succeeded.

Preferably, when the client message transceiver unit does not receive an enable authentication response message from the TACACS+ server within the predetermined time after sending the enable authentication request message, the client authentication decision unit determines that enable authentication interoperation with the TACACS+ server did not succeed.

Preferably, when the client message transceiver unit receives the enable authentication response message from the TACACS+ server within the predetermined time after sending the enable authentication request message, the client authentication decision unit uses the result of the client parsing unit's parsing of the enable authentication response message to determine whether enable authentication interoperation with the TACACS+ server succeeded.

Preferably, the TACACS+ server comprises:

a server message transceiver unit, configured to receive from the TACACS+ client the enable authentication request message containing the enable authentication type and to send to the TACACS+ client the enable authentication response message replying to the enable authentication request message;

a server parsing unit, configured to parse the enable authentication request message received by the server message transceiver unit and extract the enable authentication type from it;

a server authentication unit, configured to generate the enable authentication response message according to the enable authentication type.

Compared with the prior art, the beneficial effects of the present invention are:

when enable authentication interoperation with a TACACS+ server fails, the present invention can modify the enable authentication type field of the enable authentication request message and retry against the TACACS+ server until that field has been set to an enable authentication type that the TACACS+ server supports, so that enable authentication interoperates successfully with different TACACS+ servers.

Description of the drawings

Fig. 1 is a block diagram of the enable authentication method for connecting to a TACACS+ server provided by an embodiment of the present invention;

Fig. 2 is a network topology diagram of the enable authentication system for connecting to a TACACS+ server provided by an embodiment of the present invention;

Fig. 3 is a detailed flow chart of the handling of different authentication types in enable authentication provided by an embodiment of the present invention.

Detailed description

Preferred embodiments of the present invention are described in detail below with reference to the drawings. It should be understood that the preferred embodiments described below serve only to illustrate and explain the present invention and do not limit it.

Fig. 1 is a block diagram of the enable authentication method for connecting to a TACACS+ server provided by an embodiment of the present invention. As shown in Fig. 1, the method comprises:

Step S101: in an IP network, the TACACS+ client sends to the TACACS+ server an enable authentication request message containing an enable authentication type, requesting the TACACS+ server to perform authentication.

Further, after sending the enable authentication request message the TACACS+ client starts a timer and waits for the TACACS+ server to respond to the enable authentication request message within a predetermined time.

Step S102: after receiving the enable authentication request message, the TACACS+ server extracts the enable authentication type from it, generates, according to that enable authentication type, an enable authentication response message in reply to the enable authentication request message, and sends it to the TACACS+ client.

Step S103: the TACACS+ client determines from the enable authentication response message whether enable authentication interoperation with the TACACS+ server succeeded.

Step S104: when the determination is that it did not succeed, the TACACS+ client modifies the enable authentication type in the enable authentication request message and repeats the above steps until enable authentication interoperation with the TACACS+ server succeeds.

Further, when the TACACS+ client does not receive an enable authentication response message from the TACACS+ server within the predetermined time after sending the enable authentication request message, it determines that enable authentication interoperation with the TACACS+ server did not succeed.

Further, when the TACACS+ client receives the enable authentication response message from the TACACS+ server within the predetermined time after sending the enable authentication request message, it parses the enable authentication response message and uses the parsing result to determine whether enable authentication interoperation with the TACACS+ server succeeded.

The enable authentication types above include none, ascii, pap, chap, arap and mschap.

When connecting to a TACACS+ server with enable authentication, the enable authentication type first takes the application's default value. If interoperation with the TACACS+ server fails, the client tries the other values of the enable authentication type field (none, ascii, pap, chap, arap, mschap, excluding the default) in turn, re-initiating enable authentication each time, until it interoperates successfully with the TACACS+ server.

Fig. 2 is a network topology diagram of the enable authentication system for connecting to a TACACS+ server provided by an embodiment of the present invention. As shown in Fig. 2, the system comprises a TACACS+ client and a TACACS+ server running on an IP network. When a user performs enable authentication, the TACACS+ client sends an enable authentication request message to the TACACS+ server and waits for the TACACS+ server to respond to it. Here:

the TACACS+ client is configured to send to the TACACS+ server an enable authentication request message containing an enable authentication type, requesting the TACACS+ server to perform enable authentication; to determine from the received enable authentication response message whether enable authentication interoperation with the TACACS+ server succeeded; and, when the determination is that it did not succeed, to modify the enable authentication type in the enable authentication request message and repeat enable authentication until enable authentication interoperation with the TACACS+ server succeeds.

Specifically, the TACACS+ client comprises:

a client message transceiver unit, configured to send the enable authentication request message containing the enable authentication type and to receive the enable authentication response message returned by the TACACS+ server;

a client timer unit, configured to start timing after the message transceiver unit sends the enable authentication request message and to wait for the TACACS+ server to respond to the enable authentication request message within a predetermined time;

a client parsing unit, configured to parse the received enable authentication response message;

a client authentication decision unit, configured to determine from the enable authentication response message whether enable authentication interoperation with the TACACS+ server succeeded. That is, when the client message transceiver unit does not receive an enable authentication response message from the TACACS+ server within the predetermined time after sending the enable authentication request message, the client authentication decision unit determines that enable authentication interoperation with the TACACS+ server did not succeed; when the client message transceiver unit does receive the enable authentication response message from the TACACS+ server within the predetermined time, the client authentication decision unit uses the result of the client parsing unit's parsing of that message to determine whether enable authentication interoperation with the TACACS+ server succeeded.

The TACACS+ server is configured to, after receiving the enable authentication request message, extract the enable authentication type from it, generate, according to that enable authentication type, an enable authentication response message in reply to the enable authentication request message, and send it to the TACACS+ client.

Specifically, the TACACS+ server comprises:

a server message transceiver unit, configured to receive from the TACACS+ client the enable authentication request message containing the enable authentication type and to send to the TACACS+ client the enable authentication response message replying to the enable authentication request message;

a server parsing unit, configured to parse the enable authentication request message received by the server message transceiver unit and extract the enable authentication type from it;

a server authentication unit, configured to generate the enable authentication response message according to the enable authentication type.

The workflow of the enable authentication system for connecting to a TACACS+ server is described in detail as follows:

1. TACACS+ enable authentication is used first: the TACACS+ client initiates an authentication request by sending an enable authentication request message to the TACACS+ server, and records the default value of the enable authentication type carried in that message.

2. The TACACS+ server checks whether the values filled into the fields of the enable authentication request message comply with the TACACS+ draft (The TACACS+ Protocol, Version 1.78), and on that basis decides whether enable authentication succeeds or fails. The draft specifies that the enable authentication request message is filled in with the following fields:

action=TAC_PLUS_AUTHEN_LOGIN
priv_lvl=implementation dependent
authen_type=not used
service=TAC_PLUS_AUTHEN_SVC_ENABLE

Because TACACS+ is a draft and has not become an RFC, different TACACS+ servers have differing requirements for how the authen_type field is filled in.

When the value filled into the authen_type field of the enable authentication request message satisfies the TACACS+ server's requirements, the TACACS+ server sends the TACACS+ client an enable authentication response message indicating that interoperation succeeded; otherwise it sends the TACACS+ client an enable authentication response message indicating that interoperation failed.

3. The TACACS+ client receives and parses the enable authentication response message, and ends the procedure when it determines that enable authentication interoperation with the TACACS+ server succeeded. For example, if the status value of the enable authentication response message received by the TACACS+ client is not TAC_PLUS_AUTHEN_STATUS_ERROR (0x07), enable authentication interoperation with the TACACS+ server has succeeded, that is, the TACACS+ client has successfully used the TACACS+ server for enable authentication.

4. When the TACACS+ client confirms that enable authentication interoperation with the TACACS+ server did not succeed, it changes the enable authentication type to the next enable authentication type and, provided that the enable authentication type of the current enable authentication request message is not the application's default value and not all enable authentication types have been tried, continues to send authentication requests to the TACACS+ server until enable authentication interoperation with the TACACS+ server succeeds.

The failure cases, that is, the cases in which the TACACS+ client's enable authentication against the TACACS+ server fails to interoperate, include:

(1) the status value of the enable authentication response message that the TACACS+ client receives from the TACACS+ server is TAC_PLUS_AUTHEN_STATUS_ERROR (0x07);

(2) with the TACACS+ client and the network connection operating normally, the client does not receive the enable authentication response message from the TACACS+ server within the predetermined time after sending the enable authentication request message.
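A wire-level view of workflow steps 2 and 3 and the two failure cases, as an added example that is not part of the patent: it encodes an enable authentication START with the draft's field values (action=TAC_PLUS_AUTHEN_LOGIN, service=TAC_PLUS_AUTHEN_SVC_ENABLE, priv_lvl implementation dependent, authen_type as currently chosen by the client), applies the draft's MD5-based body obfuscation, decodes a REPLY, and applies the page's rule that only a status of TAC_PLUS_AUTHEN_STATUS_ERROR (0x07) counts as an interoperation failure. The header layout and the numeric authen_type and status codes are those of the TACACS+ draft; the value 0x00 for the "none" type (the draft leaves authen_type "not used" for enable), the shared key, session id, user, port and address strings are this example's own assumptions and constructed inputs.

```python
"""Enable authentication START/REPLY encoding for TACACS+ (draft v1.78 layout).

Added example, not the patent's code. Header, authen_type and status values
are those of the draft; 0x00 for the "none" type is this example's assumption,
because the draft leaves authen_type "not used" for enable.
"""
import hashlib
import struct

TAC_PLUS_MAJOR_VER = 0xC
TAC_PLUS_MINOR_VER_DEFAULT = 0x0
TAC_PLUS_AUTHEN = 0x01              # header type: authentication
TAC_PLUS_UNENCRYPTED_FLAG = 0x01    # header flag; must stay clear in production

TAC_PLUS_AUTHEN_LOGIN = 0x01        # START action
TAC_PLUS_AUTHEN_SVC_ENABLE = 0x02   # START service
AUTHEN_TYPES = {"none": 0x00, "ascii": 0x01, "pap": 0x02,   # "none" -> 0x00 is assumed
                "chap": 0x03, "arap": 0x04, "mschap": 0x05}

TAC_PLUS_AUTHEN_STATUS_PASS = 0x01
TAC_PLUS_AUTHEN_STATUS_FAIL = 0x02
TAC_PLUS_AUTHEN_STATUS_ERROR = 0x07  # the only status the page treats as interop failure

HEADER = struct.Struct("!BBBBII")   # version, type, seq_no, flags, session_id, length


def pseudo_pad(session_id, key, version, seq_no, length):
    """Draft pad: MD5_1 = MD5(sid|key|ver|seq), MD5_n = MD5(sid|key|ver|seq|MD5_n-1)."""
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(struct.pack("!I", session_id) + key + bytes([version, seq_no]) + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body, session_id, key, version, seq_no):
    """XOR the body with the pad; applying it twice restores the body (this is not encryption)."""
    return bytes(a ^ b for a, b in zip(body, pseudo_pad(session_id, key, version, seq_no, len(body))))


def wrap(body, seq_no, session_id, key):
    """Prepend the 12-byte header and obfuscate the body (unencrypted flag clear)."""
    version = (TAC_PLUS_MAJOR_VER << 4) | TAC_PLUS_MINOR_VER_DEFAULT
    header = HEADER.pack(version, TAC_PLUS_AUTHEN, seq_no, 0, session_id, len(body))
    return header + obfuscate(body, session_id, key, version, seq_no)


def unwrap(packet, key):
    """Validate the header and return (seq_no, clear body)."""
    if len(packet) < HEADER.size:
        raise ValueError("truncated TACACS+ header")
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack(packet[:HEADER.size])
    if ptype != TAC_PLUS_AUTHEN or len(packet) != HEADER.size + length:
        raise ValueError("malformed TACACS+ authentication packet")
    body = packet[HEADER.size:]
    if not flags & TAC_PLUS_UNENCRYPTED_FLAG:
        body = obfuscate(body, session_id, key, version, seq_no)
    return seq_no, body


def build_enable_start(authen_type, user, port, rem_addr, priv_lvl, session_id, key):
    """Client START for enable: action LOGIN, service ENABLE, authen_type as currently chosen."""
    user_b, port_b, rem_b = user.encode(), port.encode(), rem_addr.encode()
    body = struct.pack("!8B", TAC_PLUS_AUTHEN_LOGIN, priv_lvl, AUTHEN_TYPES[authen_type],
                       TAC_PLUS_AUTHEN_SVC_ENABLE, len(user_b), len(port_b), len(rem_b), 0)
    return wrap(body + user_b + port_b + rem_b, 1, session_id, key)  # client START is seq_no 1


def decode_start(packet, key):
    """Server side: extract the fields the page says the server inspects."""
    _, body = unwrap(packet, key)
    action, priv_lvl, authen_type, service, ulen, plen, rlen, dlen = struct.unpack("!8B", body[:8])
    if 8 + ulen + plen + rlen + dlen != len(body):
        raise ValueError("START length fields inconsistent")
    return {"action": action, "priv_lvl": priv_lvl, "authen_type": authen_type,
            "service": service, "user": body[8:8 + ulen].decode()}


def build_reply(status, server_msg, session_id, key, seq_no=2):
    """Server REPLY: status, flags, server_msg_len, data_len, server_msg, data."""
    msg_b = server_msg.encode()
    return wrap(struct.pack("!BBHH", status, 0, len(msg_b), 0) + msg_b, seq_no, session_id, key)


def parse_reply(packet, key):
    """Client side: return (status, server_msg) from a REPLY."""
    _, body = unwrap(packet, key)
    status, _flags, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    if 6 + msg_len + data_len != len(body):
        raise ValueError("REPLY length fields inconsistent")
    return status, body[6:6 + msg_len].decode(errors="replace")


def interop_succeeded(status):
    """Page rule (workflow step 3): any status other than ERROR means the server
    accepted the authen_type; PASS/FAIL then report the user's result, not interop."""
    return status != TAC_PLUS_AUTHEN_STATUS_ERROR
```

Two points follow from the code. The pseudo-pad XOR only hides the body from casual inspection and gives no integrity protection, so the shared key and the transport still have to be protected by other means. And the classification rule deliberately treats TAC_PLUS_AUTHEN_STATUS_FAIL as a successful interoperation: the server understood the request and rejected the user, so a client must not react to FAIL by rotating the authentication type.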

Fig. 3 is the detailed flow of the handling of different authentication types in enable authentication provided by an embodiment of the present invention. As shown in Fig. 3, it comprises:

Step S301: TACACS+ enable authentication is used first, with the authentication type set to the application's default value (for example none); this default value is recorded.

Step S302: the TACACS+ client initiates authentication by sending to the TACACS+ server an enable authentication request message containing the enable authentication type.

Step S303: if the TACACS+ client confirms that enable authentication interoperation with the TACACS+ server succeeded, the procedure ends; otherwise step S304 is executed.

Step S304: if the TACACS+ client confirms that enable authentication interoperation with the TACACS+ server failed, it changes the enable authentication type to the next enable authentication type.

Step S305: the TACACS+ client checks whether the enable authentication type of the enable authentication request message is the application's default value; if it is, step S304 is executed again to change the enable authentication type once more; otherwise step S306 is executed.

Step S306: the TACACS+ client checks whether all enable authentication types of the enable authentication request message have been tried; if so, the procedure ends, otherwise step S302 is executed.
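The client-side decision loop described in the paragraph following the list of enable authentication types and in steps S301 to S306, written out as an added example (not the patent's code). The simulated server, its set of accepted types and the modelling of a missed timer as a missing reply are constructed for this example; the only rules taken from the page are: start from the application's default, then try the remaining types in turn while skipping the default, stop once every type has been tried, and treat only an ERROR (0x07) status or no reply within the timer as a failure to interoperate.

```python
"""Client-side rotation over enable authentication types (steps S301-S306).

Added example, not the patent's code. The server stand-in and the type order
after the default are constructed here; the page fixes only the set of types.
"""
from dataclasses import dataclass, field
from typing import Callable, FrozenSet, List, Optional

ENABLE_AUTHEN_TYPES = ["none", "ascii", "pap", "chap", "arap", "mschap"]

TAC_PLUS_AUTHEN_STATUS_PASS = 0x01
TAC_PLUS_AUTHEN_STATUS_FAIL = 0x02
TAC_PLUS_AUTHEN_STATUS_ERROR = 0x07

# The "send" callable stands for the client transceiver plus timer unit: it is given
# the authen_type name, and returns the REPLY status, or None when the predetermined
# time passes with no REPLY (failure case 2 on the page).
SendFn = Callable[[str], Optional[int]]


@dataclass
class EnableAttemptLog:
    interop_ok: bool
    final_type: Optional[str]
    final_status: Optional[int]
    tried: List[str] = field(default_factory=list)


def interop_failed(status: Optional[int]) -> bool:
    """Failure cases from the page: (1) status ERROR (0x07), (2) no REPLY within the timer."""
    return status is None or status == TAC_PLUS_AUTHEN_STATUS_ERROR


def negotiate_enable_type(send: SendFn, default_type: str = "none") -> EnableAttemptLog:
    # S301: start with the application's default value and remember it.
    if default_type not in ENABLE_AUTHEN_TYPES:
        raise ValueError(f"unknown default enable authen_type {default_type!r}")
    # S304/S305: after a failure move to the next type, never back to the default;
    # S306: the procedure ends once every type has been tried.
    order = [default_type] + [t for t in ENABLE_AUTHEN_TYPES if t != default_type]
    log = EnableAttemptLog(interop_ok=False, final_type=None, final_status=None)
    for authen_type in order:
        # S302: send the START carrying this authen_type and wait for the REPLY.
        status = send(authen_type)
        log.tried.append(authen_type)
        log.final_type, log.final_status = authen_type, status
        # S303: any REPLY other than ERROR means the server understood the type.
        # PASS or FAIL is the user's authentication result and ends the procedure;
        # rotating the type after FAIL would retry a rejected login with new parameters.
        if not interop_failed(status):
            log.interop_ok = True
            return log
    return log  # S306 reached: all types tried without interoperating


def make_server(accepted: FrozenSet[str], timeout_on: FrozenSet[str] = frozenset(),
                user_ok: bool = True) -> SendFn:
    """Constructed stand-in for servers that accept only some authen_type values."""
    def send(authen_type: str) -> Optional[int]:
        if authen_type in timeout_on:
            return None                          # no REPLY before the timer expires
        if authen_type not in accepted:
            return TAC_PLUS_AUTHEN_STATUS_ERROR  # server rejects this authen_type value
        return TAC_PLUS_AUTHEN_STATUS_PASS if user_ok else TAC_PLUS_AUTHEN_STATUS_FAIL
    return send
```

Keeping the attempt log is what makes the behaviour auditable: an operator can see which types were offered before one was accepted, and a run that ends with interop_ok false after all six types identifies a server that rejects every authen_type value rather than a credential problem.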

In summary, the present invention has the following technical effects:

The present invention overcomes the defect that the enable authentication type of the enable authentication request message cannot be modified, and implements successful interoperation with different TACACS+ servers by adaptively modifying the enable authentication type of the enable authentication request message.

Although the present invention has been described in detail above, it is not limited thereto, and those skilled in the art may make various modifications according to the principles of the present invention. Any modification made according to the principles of the present invention should therefore be understood as falling within the scope of protection of the present invention.

Claims (10)

1. An enable authentication method for interworking with a Terminal Access Controller Access Control System (TACACS+) server, characterized in that it comprises:
in an IP network, the TACACS+ client sends to the TACACS+ server an enable authentication request message containing an enable authentication type, requesting the TACACS+ server to perform authentication;
after receiving the enable authentication request message, the TACACS+ server extracts the enable authentication type from it, generates, according to the enable authentication type, an enable authentication response message in response to the enable authentication request message, and sends it to the TACACS+ client;
the TACACS+ client judges, according to the enable authentication response message, whether enable authentication with the TACACS+ server has succeeded;
when the judgment result is "not successful", the TACACS+ client modifies the enable authentication type in the enable authentication request message and repeats the above steps until enable authentication with the TACACS+ server succeeds.

2. The method according to claim 1, characterized in that the TACACS+ client starts a timer after sending the enable authentication request message and waits for the TACACS+ server to respond to the enable authentication request message within a predetermined time.

3. The method according to claim 2, characterized in that, when the TACACS+ client does not receive the enable authentication response message from the TACACS+ server within the predetermined time after sending the enable authentication request message, it determines that enable authentication with the TACACS+ server has not succeeded.

4. The method according to claim 2, characterized in that, when the TACACS+ client receives the enable authentication response message from the TACACS+ server within the predetermined time after sending the enable authentication request message, it parses the enable authentication response message and uses the parsing result to determine whether enable authentication with the TACACS+ server has succeeded.

5. The method according to any one of claims 1 to 4, characterized in that the enable authentication type includes none, ascii, pap, chap, arap and mschap.

6. An enable authentication system for interworking with a Terminal Access Controller Access Control System (TACACS+) server, comprising a TACACS+ client and a TACACS+ server running on an IP network, characterized in that:
the TACACS+ client is configured to send to the TACACS+ server an enable authentication request message containing an enable authentication type, requesting the TACACS+ server to perform authentication, to judge, according to the received enable authentication response message, whether enable authentication with the TACACS+ server has succeeded, and, when the judgment result is "not successful", to modify the enable authentication type in the enable authentication request message and repeat enable authentication until enable authentication with the TACACS+ server succeeds;
the TACACS+ server is configured to, after receiving the enable authentication request message, extract the enable authentication type from it, generate, according to the enable authentication type, an enable authentication response message in response to the enable authentication request message, and send it to the TACACS+ client.

7. The system according to claim 6, characterized in that the TACACS+ client comprises:
a client message transceiving unit, configured to send the enable authentication request message containing the enable authentication type and to receive the enable authentication response message returned by the TACACS+ server;
a client timing unit, configured to start a timer after the message transceiving unit sends the enable authentication request message and to wait for the TACACS+ server to respond to the enable authentication request message within a predetermined time;
a client parsing unit, configured to parse the received enable authentication response message;
a client authentication judging unit, configured to determine, according to the enable authentication response message, whether enable authentication with the TACACS+ server has succeeded.

8. The system according to claim 7, characterized in that, when the client message transceiving unit does not receive the enable authentication response message from the TACACS+ server within the predetermined time after sending the enable authentication request message, the client authentication judging unit determines that enable authentication with the TACACS+ server has not succeeded.

9. The system according to claim 7, characterized in that, when the client message transceiving unit receives the enable authentication response message from the TACACS+ server within the predetermined time after sending the enable authentication request message, the client authentication judging unit uses the parsing result obtained by the client parsing unit from the enable authentication response message to determine whether enable authentication with the TACACS+ server has succeeded.

10. The system according to claim 8 or 9, characterized in that the TACACS+ server comprises:
a server message transceiving unit, configured to receive from the TACACS+ client the enable authentication request message containing the enable authentication type and to send to the TACACS+ client the enable authentication response message in response to the enable authentication request message;
a server parsing unit, configured to parse the enable authentication request message received by the server message transceiving unit and to extract the enable authentication type from it;
a server authentication unit, configured to generate the enable authentication response message according to the enable authentication type.
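The client-side procedure of claims 1 to 5, as an added Python example that is not part of the patent: it builds the TACACS+ authentication START body carrying the chosen authen_type, parses the REPLY, and on timeout or a failing status retries with the next configured type against a constructed stand-in server. Field layouts and code points follow the TACACS+ draft the patent cites (Carrel et al.); the stand-in server, the user/port values and the retry order are assumptions, and the packet header and its obfuscation are left out.

```python
import struct
from enum import IntEnum

# authen_type values from the TACACS+ draft (Carrel et al.), listed by name in
# claim 5; "none" (also listed) skips server-side enable authentication entirely.
class AuthenType(IntEnum):
    ASCII = 0x01
    PAP = 0x02
    CHAP = 0x03
    ARAP = 0x04
    MSCHAP = 0x05

STATUS_PASS, STATUS_FAIL, STATUS_ERROR = 0x01, 0x02, 0x07   # REPLY status codes
ACTION_LOGIN, SERVICE_ENABLE = 0x01, 0x02                   # START action / service

def build_start_body(authen_type, priv_lvl=15, user=b"admin", port=b"vty0", data=b""):
    """Authentication START body (packet header omitted, rem_addr empty); authen_type is byte 2."""
    fixed = struct.pack("!8B", ACTION_LOGIN, priv_lvl, int(authen_type), SERVICE_ENABLE,
                        len(user), len(port), 0, len(data))
    return fixed + user + port + data

def parse_reply_body(body):
    """Authentication REPLY body -> (status, flags, server_msg, data)."""
    status, flags, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    server_msg = body[6:6 + msg_len]
    return status, flags, server_msg, body[6 + msg_len:6 + msg_len + data_len]

def enable_authenticate(exchange, order, timeout=5.0):
    """Client loop of claims 1-4: send START with the current type, wait up to `timeout`
    for the REPLY, and on timeout (None from `exchange`) or a non-PASS status retry with
    the next type in `order`. Returns (winning type or None, [(type, status), ...])."""
    attempts = []
    for authen_type in order:
        reply = exchange(build_start_body(authen_type), timeout)
        status = None if reply is None else parse_reply_body(reply)[0]
        attempts.append((authen_type, status))
        if status == STATUS_PASS:
            return authen_type, attempts
    return None, attempts            # every configured type was exhausted

def fake_server(accepted, silent=()):
    """Constructed stand-in server: silent for `silent` types (claim 3), PASS only for `accepted`."""
    def exchange(start_body, timeout):
        authen_type = start_body[2]
        if authen_type in silent:
            return None
        status = STATUS_PASS if authen_type in accepted else STATUS_FAIL
        msg = b"" if status == STATUS_PASS else b"authen_type not supported"
        return struct.pack("!BBHH", status, 0, len(msg), 0) + msg
    return exchange
```

Because the loop walks `order` until a type passes, that order is a policy decision: placing chap and mschap before ascii and pap means the client only falls back to a weaker type when the server rejects or ignores the stronger ones.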
CN2012101992147A 2012-06-15 2012-06-15 Enable authentication method and method for butt TACACS (Terminal Access Controller Access Control System) + server Pending CN102739657A (en)

Publications (1)

Publication Number Publication Date
CN102739657A true CN102739657A (en) 2012-10-17

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6466964B1 (en) * 1999-06-15 2002-10-15 Cisco Technology, Inc. Methods and apparatus for providing mobility of a node that does not support mobility
CN1753359A (en) * 2004-09-24 2006-03-29 华为技术有限公司 Method of implementing transmission syncML synchronous data
CN1859415A (en) * 2006-04-04 2006-11-08 华为技术有限公司 Method and device for forced verifying from end-to-end protocol
CN101083528A (en) * 2007-06-08 2007-12-05 中兴通讯股份有限公司南京分公司 Dynamic host configuring protocol based security access method and system
CN101742497A (en) * 2009-12-24 2010-06-16 中兴通讯股份有限公司 Method for realizing access authentication and client

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
D. Carrel et al.: "The TACACS+ Protocol Version 1.78", IETF *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017076363A1 (en) * 2015-11-06 2017-05-11 Mediatek Inc. Method for efficient reliable transmission
US10142253B2 (en) 2015-11-06 2018-11-27 Hfi Innovation Inc. Method for efficient reliable transmission

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20121017