Note
Note
To delete a per-server encryption key in the switch, re-enter the tacacs-server
host command without the key parameter. For example, if you have north01
configured as the encryption key for a TACACS+ server with an IP address of
10.28.227.104 and you want to eliminate the key, you would use this command:
HP Switch(config)# tacacs-server host 10.28.227.104
You can save the encryption key in a configuration file by entering this
command:
HP Switch(config)# tacacs-server key <keystring>
The <keystring> parameter is the encryption key in clear text.
The show tacacs command lists the global encryption key, if configured.
However, to view any configured per-server encryption keys, you must use
show config or show config running (if you have made TACACS+ configuration
changes without executing write mem).
Configuring the Timeout Period. The timeout period specifies how long
the switch waits for a response to an authentication request from a TACACS+
server before either sending a new request to the next server in the switch's
Server IP Address list or using the local authentication option. For example,
to change the timeout period from 5 seconds (the default) to 3 seconds:
HP Switch(config)# tacacs-server timeout 3
TACACS+ Authentication
Configuring TACACS+ on the Switch
5-23