Authentication, Authorization, and Accounting Commands on CiscoIOS XR Software
tacacs-server key
SR-84
Cisco IOS XR System Security Command Reference
tacacs-server keyToset the authentication encryption key used for all TACACS+communications between the HF and the
TACACS+ daemon, use the tacacs-server key command in global configuration mode. To disable the
key, use theno form of this command.
tacacs-server key key-name
no tacacs-server key
Syntax Description
Defaults No default behavior or values
Command Modes Global configuration
Command History
Usage Guidelines To use this command, you must be in a user group associated with a task group that includes the proper
task IDs. For detailed information about user groups and task IDs, see the ConfiguringAAA Services on
Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.
The key name entered must match the key used on the TACACS+ daemon. All leading spaces are
ignored; spaces within and after the key are not. If you use spaces in your key,do not enclose the key in
quotation marks unless the quotation marks themselves are part of the key.
The TACACS server key is used only if no key is configured for an individual TACACS server. Keys
configured for an individual TACACS server always override this global key configuration.
Task ID
Examples The following example sets the authentication and encryption key to key1:
RP/0/RP0/CPU0:router(config)# tacacs-server key key1
key-name Nameof the key used to set authentication and encryption. This key name must match
the keyused on the TACACS+ daemon. This key name applies to all serversthat have
no individual keys specified.
Release Modification
Release 2.0 This command was introduced on the Cisco CRS-1.
Release 3.0 No modification.
Release 3.2 This command was supported on the Cisco XR 12000 Series Router.
Release 3.3.0 No modification.
Task ID Operations
aaa read, write