Why TACACS+ Is Indispensable Today
Anyone who operates network devices—switches, routers, firewalls—in a professional infrastructure needs a clear answer to the question: Who is authorized to configure what, and how is this fully logged?
The answer is TACACS+ – the protocol for Authentication, Authorization, and Accounting (AAA) that Cisco devices and many other network components support natively. It was fully standardized in 2020 with RFC 8907; RFC 9887 now supplements it with modern TLS 1.3 security.
TACACS+ consistently adheres to least privilege—a principle that is more important than ever in the context of modern zero-trust architectures: The right people are granted exactly the permissions they need—and nothing more. Unlike RADIUS, TACACS+ enables this fine-grained control at the command and device level directly within the protocol. Management sessions are clearly separated, and every action is fully logged. For environments subject to NIS2 and KRITIS requirements, this is not a nice-to-have, but a must.
Open Source – developed by inducio, integrated by extocode
inducio is developing a fully RFC-compliant TACACS+ server as an open-source project. The source code is publicly available on GitHub—transparent, verifiable, and free to use. Anyone who wants to run the server on their own can do so independently of any other platform.
For customers looking for a comprehensive network security platform, the server is also integrated into the COD platform as a native module—alongside COD-NAC, COD-Firewall, and COD-Network—for seamless, centralized management.
Current status of development
Done: Management API
The REST API for comprehensive configuration management is now available—users, groups, devices, ACLs, and rules can all be managed programmatically.
Almost done: Web UI
The administration interface is largely complete. Still pending: drag-and-drop for rule order—nearing completion.
In development: TACACS+ server core
The actual daemon, which accepts connections from network devices and responds with “permit” or “deny,” is currently under active development.
Planned: TACACS+ over TLS (RFC 9887)
This will be followed by the implementation of TACACS+ over TLS—with TLS 1.3 as a mandatory requirement. In regulated environments, this is becoming increasingly essential for management traffic over WAN links or untrusted segments.
Conclusion
The inducio TACACS+ server provides an open, RFC-compliant component for secure network infrastructures—available for use as a standalone solution or as a COD module for organizations seeking a comprehensive network security platform.