
Basic message exchange process of HWTACACS – H3C Technologies H3C SecPath F1000-E User Manual


Basic Message Exchange Process of HWTACACS

The following takes a Telnet user as an example to describe how HWTACACS performs user authentication, authorization, and accounting. Figure 1 illustrates the basic message exchange process of HWTACACS.

Figure 1 Basic message exchange process of HWTACACS for a Telnet user

[Figure: message sequence between the Host, the HWTACACS client, and the HWTACACS server]

1) The user logs in
2) Start-authentication packet
3) Authentication response requesting the username
4) Request for username
5) The user inputs the username
6) Authentication continuance packet with the username
7) Authentication response requesting the login password
8) Request for password
9) The user inputs the password
10) Authentication continuance packet with the login password
11) Authentication response indicating successful authentication
12) User authorization request packet
13) Authorization response indicating successful authorization
14) The user logs in successfully
15) Start-accounting request
16) Accounting response indicating the start of accounting
17) The user logs off
18) Stop-accounting request
19) Stop-accounting response

1. A Telnet user sends an access request to the NAS.
2. Upon receiving the request, the HWTACACS client sends a start-authentication packet to the HWTACACS server.
3. The HWTACACS server sends back an authentication response, requesting the username.
4. Upon receiving the response, the HWTACACS client asks the user for the username.
5. The user inputs the username.
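The client/server part of the Figure 1 sequence can be checked mechanically. The following is an added example, not code from the H3C manual: it audits constructed log lines against that order and flags a session that deviates from it, such as an authorization request seen before authentication has succeeded. The message labels, the "session sender message" line format, and the sender assigned to each message after step 3 are assumptions made for the example; they are not HWTACACS wire-format names.

```python
from itertools import zip_longest

CLIENT, SERVER = "client", "server"

# Hypothetical labels for the client/server messages of Figure 1 (step numbers
# in comments); these are not HWTACACS wire-format names.
FLOW = [
    (CLIENT, "authen_start"),          # 2
    (SERVER, "authen_reply_getuser"),  # 3
    (CLIENT, "authen_continue_user"),  # 6
    (SERVER, "authen_reply_getpass"),  # 7
    (CLIENT, "authen_continue_pass"),  # 10
    (SERVER, "authen_reply_pass"),     # 11
    (CLIENT, "author_request"),        # 12
    (SERVER, "author_reply_pass"),     # 13
    (CLIENT, "acct_start"),            # 15
    (SERVER, "acct_start_reply"),      # 16
    (CLIENT, "acct_stop"),             # 18
    (SERVER, "acct_stop_reply"),       # 19
]

def audit(lines):
    """Return {session_id: verdict} for lines of the form 'session sender message'."""
    pos, verdict = {}, {}
    for line in lines:
        sid, sender, msg = line.split()
        if verdict.get(sid, "").startswith("violation"):
            continue  # keep the first deviation seen for a session
        i = pos.get(sid, 0)
        if i >= len(FLOW) or (sender, msg) != FLOW[i]:
            expected = "/".join(FLOW[i]) if i < len(FLOW) else "nothing (session closed)"
            verdict[sid] = f"violation: got {sender}/{msg}, expected {expected}"
            continue
        pos[sid] = i + 1
        verdict[sid] = "complete" if pos[sid] == len(FLOW) else f"incomplete after {msg}"
    return verdict

def sample_lines():
    """Constructed, interleaved traces: s1 full, s2 skips the password, s3 cut short."""
    s1 = [f"s1 {s} {m}" for s, m in FLOW]
    s2 = [f"s2 {s} {m}" for s, m in FLOW[:3]] + ["s2 client author_request"]
    s3 = [f"s3 {s} {m}" for s, m in FLOW[:10]]
    return [l for group in zip_longest(s1, s2, s3) for l in group if l]

if __name__ == "__main__":
    for sid, result in sorted(audit(sample_lines()).items()):
        print(sid, result)
```

A session that stays "incomplete after acct_start_reply" is a login with no stop-accounting record, which is worth reconciling against the accounting data.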
