Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2891
Views
0
Helpful
1
Replies

TACACS+, $enable$ and $enab15$

annayuzhao
Level 1
Level 1

‎03-30-2005 01:45 PM - edited ‎03-10-2019 02:05 PM

Hi all

We setup TACACS+ authentication by

following this link

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800946a3.shtml .

We noticed there are some authentication failures among couple hundred success. From the TACACS+ log file it indicateds for these failed logon it uses $enab15$ and not $enable$ to do authentication. But we only configured $enable$ on the TACACS+ based on the above Cisco link.

I have the following questions about this issue:

1. What's the difference between $enab15$ and $enable$?

2. Under which circumstance the server will use $enab15$ instead of $enable$ when the server actually is only configured with $enable$.

Thanks very much

Labels:
0 Helpful
1 Reply 1

owillins
Level 6
Level 6

‎04-05-2005 10:46 AM

Whenever you attempt to enable, an authentication request is sent with the special username $enab$ where is the privilege level you are attempting to enable to. In order to be compatible with earlier versions of tacacs, when the requested enable level is 15, the daemon will also try the username $enable$ before trying username $enab15$.

0 Helpful
Customers Also Viewed These Support Documents